GDPR FAQs: Is a controller subject to administrative fines for the GDPR violations of its processor?
BCLP is publishing a multi-part series that discusses the questions most frequently asked by clients concerning the GDPR.
ne topic to be discussed includes whether a controller is subject to administrative fines for GDPR violations of its processor. According to the BCLP, there is a common misconception that the GDPR imposes joint and several liability such that a controller could be responsible for an administrative penalty of up to 4% of its annual global turnover if its processor violates the GDPR.
However, there is no indication in the GDPR that a supervisory authority may assess an administrative fine against a controller for the alleged violation of a processor.