Subscriber's Only

GDPR “Controller" and “Processor”: Guidelines for Intermediaries

  • Under GDPR, data processors have direct legal obligations and responsibilities and can be held liable for data breaches.
  • If an organisation shares personal data with a third party, it is important to correctly identify which party is a controller and which is a processor.
  • Guidelines issued by the World Employment Confederation provide guidance on the allocation of GDPR roles in the relationship between a client and an HR-Service provider.

This information can only be accessed by qualified members. If you are already a member, please  Sign In. If you have signed in, and still don't have access, please call Member Services at 800-950-9496 (North America) or +44 (0) 203 823 9900 (everywhere else). If you need information about becoming a member, please call us or email us at

Current Members  Sign In | Become a Member Now