Re: Their Site
Does it get messy?
My understanding is that Tickemaster remain the data controller for their customers regardless of who they assign as processors.
It's possible for the data controller to be prosecuted OR the data controller and the processor to be prosecuted (from https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/):
* If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach.
* However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.
Biting the hand that feeds IT
