Will GDPR prevent companies using 3rd parties with such a bad history?
GDPR article 28
"Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject. " [http://www.privacy-regulation.eu/en/index.htm]
Think Equifax may struggle to provide such guarantees based on recent behaviour. Assuming the regulations expect guarantees to be worth more than the paper they are written on.
Biting the hand that feeds IT
