One of the most complex questions raised by the General Data Protection Regulation (GDPR) is that of data controller vs. data processor. Despite the data controller[1]and data processor[2]definitions provided in article 4 of GDPR, these two concepts remain difficult to ascertain when dealing with daily operations and the complex relationships between companies. In its Opinion...