Are processors required to fully indemnify controllers for the actions of their subprocessors and subcontractors?


Answer:  Yes. The GDPR imposes two requirements when a company uses a service provider. The first requirement is controllers must “bind[]” every service provider to, at a minimum, the thirteen substantive requirements found in Article 28 concerning the data that will be processed on behalf of a controller. To read more: Click here