Are data processors really immune from data protection fines under GDPR?

Photo: Getty Images

When do regulators choose to go after data processors instead of data controllers?

What matters

Fines for data processors, rather than data controllers, have been few and far between. But this is likely to change.

What matters next

Consideration of processor location, contract terms and size will be increasingly important to manage controller risk when procuring data processing services.

Previous European data protection

Free Trial

Register for free to keep reading.

To continue reading this article and unlock full access to GRIP, register now. You’ll enjoy free access to all content until our subscription service launches in early 2026.

Unlimited access to industry insights
Stay on top of key rules and regulatory changes with our Rules Navigator
Ad-free experience with no distractions
Regular podcasts from trusted external experts
Fresh compliance and regulatory content every day

Topics

Latest News

ASIC roundup: Infringement notice for Nexia Perth Audit, and misleading ESG conduct

FTC sues Zillow and Redfin over alleged anticompetitive deal

FINRA disciplinary action update 2025/35

Topics

Latest News

FCA's car finance redress estimates deemed too high

Canada’s October 1 AML rules now in effect

Recap: SEC–CFTC joint roundtable on regulatory harmonization efforts

Topics

Latest News

OPINION: Starving Ecuador's gangs of their cashflow

De-risking your data center with AI

TikTok exposing children to porn is in breach of UK law, new report says

Topics

Latest News

Podcast: Martin Woods' true stories on financial crime, fraud and integrity

Financial regulators discuss challenges at Energy Trading Week Europe

GRIP Extra: Newsom signs AI transparency bill, ESMA publishes 2026 work program