Identifying Recipients of GDPR personal data – Theory and Reality
Under the GDPR, a data subject must be informed of the recipients or the categories of recipient of their personal data. These two choices are genuine alternatives. The controller can choose. But can that choice resist circumstances? Under the old regime, likewise it was necessary only to specify non-particularized categories. Hence the semantically meaningless rubbish filling up the non-statements of processing held in various supervisory authorities' existing "registration" databases. So, under the GDPR, can we still get away with it? After all,...