Strengthening of data processor’s obligations practical guidance from the CNIL

The General Data Protection Regulation n°2016/679 ("GDPR") which will enter into force on May 25th 2018 in all EU countries implements new obligations on every legal entity or natural person processing personal data. While the current regime imposes obligations on the data controller, the GDPR also draws out obligations directly towards the data processor. Any service provider which processes personal data for its customers must therefore comply with a set of obligations in accordance with the GDPR.