Abstract

The article discusses EDPB guidelines 07/2020 devoted to two entities that are of key importance for the protection of personal data, namely controllers and processors. The analysis includes the findings as to how controllers are appointed, how they are distinguished from processors, what are the criteria the entity qualified as a controller needs to fulfil and when do we deal with joint controllers. EDPB Guidelines constitute a good background for reflections concerning the methodology of appointing controllers and joint controllers, as well as findings concerning the method of choosing the processor, determining the content of a contract or other legal act which define the principles of their activities, as well as the scope of controller’s supervision over the processor as regards processing personal data.