Great suggestion, thank you for contributing! Yes, we're looking to do a mini-series on Processors in the new year :)

Great topic for a video, thanks Madhvi! It's essentially the same as if each group member is an unknown third party. There's no free passes for group members. If you have BCRs (and wow, only 200 groups have ever had BCDRs approved so you most likely do not have BCRs) then the BCRs set out the rules - still no free pass, the BCR is a chunky set of rules.

Thanks Adrian! We've got that scheduled and it's rising to the top of the queue, it's a great topic.

Tu peux metez les sous-titres en Francais.

Many thanks! We've not yet but will do :)

@@PrivacyKitchen great! I'm eagerly anticipating watching. By the way, I successfully passed the CIPP/E exam, and I must say your videos were particularly helpful in certain areas. Thank you! 😊

Congratulations!@@Tola_A

For sure! Huge numbers of them in terms of controllers in breach. Here's the official EDPB website rounding up regulatory fines on controllers who breached GDPR: edpb.europa.eu/news/national-news_en. In terms of where people didn't know they were the controller, that's quite rare because you're either saying you didn't know GDPR applied (odd if you process personal data) or generally such rulings are where eg a list provider or recruiter says they're a processor (or joint controller or separate controller) - more about having an argument about what role you had.

@@PrivacyKitchen hmm that’s very helpful, let’s use today’s era as an example right, track and trace app for coronavirus. Would you think NHS is a data controller as they determine the why and how for processing personal data with the track and trace app and then the data processsors would be google, apple ect as they are allowing the app to operate on behalf of the controller. Or would you say nhs apple and google are joint controllers. Just tryna get a clear understanding with a current scenario! Any comment would be helpful

@@ajayxo6712 it's all fact specific but at first blush: NHS controller, everyone else it depends on their access to personal data (if no access, no GDPR role) and then their role

@@PrivacyKitchen thank you that is very informative... Facts are everything... In relation to that list and link you gave would you know any case where a company/person did not report a personal data breach but then was found guilty going against article 33(1) gdpr? Thanks in advance