Re: Nice Analysis
"who they are generally prohibited from contacting anyway"
There is no prohibition on a data subject approaching a processor. The processor has an obligation to forward any such approach to the data controller.
Article 82 states "A processor shall be liable for the damage caused by processing only where it has not complied with obligations of this Regulation specifically directed to processors or where it has acted outside or contrary to lawful instructions of the controller" so a processor the spills your data accidentally is indeed individually liable.
Biting the hand that feeds IT
