GDPR: who is responsible?

Under the GDPR data controllers and processors have a shared responsibility to ensure data protection. Data controllers are responsible for determining how personal data is processed while data processors handle the processing on behalf of the controllers. Both roles carry a duty to adhere to GDPR requirements including implementing strong technical and organizational safeguards for data protection maintaining accurate records of processing activities and respecting the rights of individuals whose data is being processed. Furthermore regulatory authorities in each EU member state oversee compliance with the law ensuring that both controllers and processors are accountable, for any breaches.