Reply to post: Re: Their Site

Ticketmaster tells customer it's not at fault for site's Magecart malware pwnage

Anonymous Coward
Anonymous Coward

Re: Their Site

Does it get messy?

My understanding is that Tickemaster remain the data controller for their customers regardless of who they assign as processors.

It's possible for the data controller to be prosecuted OR the data controller and the processor to be prosecuted (from https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/):

* If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach.

* However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019