The European Data Protection Board has issued GDPR controller-processor guidelines (for consultation) which define the roles and responsibilities for the different actors. Laura Linkomies talks with Elisabeth Jilderyd, International Legal Advisor and Coordinator, International and EU Department at Sweden’s Data Protection Authority about the controller-processor relationship, joint controllers, drawing up agreements between the parties, and their responsibilities in case of a data breach.