Peter Crowther Discusses Third-Party Risks Under GDPR

Should third-party service providers be fined if they are at fault for a breach of GDPR, or does the fault lie with the company using these service providers? Winston & Strawn London Managing Partner Peter Crowther shared his insights with Compliance Week.

Peter believes while engaging a third party to process data does not of itself absolve the data controller, “it might seem fair to suppose that where a third party is engaged and its data security measures are subsequently found to be insufficient, the third party ought to be fined and not the ‘innocent’ client.”

The wide-ranging discussion sees industry experts discuss recent cases of high-profile companies being found to breach GDPR laws, and highlights several key takeaways compliance officers should take note of.

Read the full article here.