BSA | The Software Alliance welcomes the opportunity to provide feedback on the European Data Protection Board’s Guidelines 07/2020 on the concepts of controller and processor in the GDPR. In any privacy framework, the distinction between the roles of controller and processor, and their associated responsibilities, is key for legal certainty and contributes to stronger data protection.

Recognizing the importance of the EDPB’s Guidelines in promoting interoperability, privacy, and clarity, BSA would like to offer specific comments on five aspects of the Guidelines. In doing so, we have sought to highlight the practical application of the Guidelines to the business relationships established between controllers and processors.