“A key aspect of European Union (EU) data protection law is ensuring all parties dealing with personal data have clearly assigned legal roles, and by extension, responsibilities. Key roles defined by the EU General Data Protection Regulation (GDPR) include controllers, joint controllers, processors, and third parties. An organization’s role determines the scope of its legal responsibilities towards data subjects, and in cross-border scenarios, which national law implementing the GDPR applies, including extensions and derogations …” (more)
Regina Becker, Adrian Thorogood, Jasper Bovenberg, Colin Mitchell and Alison Hall, ‘Applying GDPR roles and responsibilities to scientific data sharing’, International Data Privacy Law, https://doi.org/10.1093/idpl/ipac011. Published 17 May.