The European Data Protection Board (EDPB) has released its guidelines on the concept of data controllers and processors under the GDPR. The guidelines clarify the concepts of controller, joint controller and processor, as well as their relationships. In doing so, they determine who shall be responsible for compliance with different data protection rules.