Blog Image
Profile Image Verifile
May 17 2019

GDPR FAQs: Is a controller subject to administrative fines for the GDPR violations of its processor?

BCLP is publishing a multi-part series that discusses the questions most frequently asked by clients concerning the GDPR.

ne topic to be discussed includes whether a controller is subject to administrative fines for GDPR violations of its processor. According to the BCLP, there is a common misconception that the GDPR imposes joint and several liability such that a controller could be responsible for an administrative penalty of up to 4% of its annual global turnover if its processor violates the GDPR. 

However, there is no indication in the GDPR that a supervisory authority may assess an administrative fine against a controller for the alleged violation of a processor.