Practically every organisation in the world processes personal data. European data protection law imposes a series of requirements designed to protect individuals against the risks that result from the processing of their data.
It also distinguishes among different types of actors involved in the processing and sets out different obligations for each type of actor. The most important distinction in this regard is the distinction between ôcontrollersö and ôprocessorsö. This book seeks to determine whether EU data protection law should continue to maintain its current distinction.