Legal News

The Information Commissioner’s Office has published new guidance on this in relation to GDPR.

The guidance is at

We have updated our page GDPR: the controller to reflect the new guidance. An external OH provider is likely to be responsible as a data controller (rather than just a processor) under the GDPR.