In its 37th plenary session, the European Data Protection Borad (edpb) adopted guidelines on the concepts of data controller and processor according to DSGVO, as well as guidelines for users of social media.

The new guidelines are divided into two main parts and contain an explanation of different concepts as well as detailed guidance on the main consequences of these concepts for the controller and the processor.

The Guidelines also include a flowchart providing further practical guidance. The Guidelines will be subject to public consultation.In addition, two working groups were set up. One dealing with complaints following the CJEU Schrems II judgment, the other dealing with the complementary measures for data exporters and importers to ensure adequate protection in the transfer of data in view of the CJEU Schrems II judgment.

Detailed press release and other documents are available at edpb