GDPR lays down rights for private individuals, which means that a legal person (e.g. a company) living/based in Europe basically have no rights to claim according to EU law.
However, I have seen terms and conditions agreements between companies (that is, both parties are companies) where one or the other guarantees the other GDPR rights.
From a pure business standpoint, I don’t understand why a company would do that, since that would entail that the company making the guarantee puts itself at a greater risk for penalty fees.
I’m wondering why a company would take on responsibility for protecting another company’s “personal” data like that. Is it because of trust from the other company’s employees or customers? Or is it just a sort of hedge clause to make sure the company making the guarantee never would break the rules of GDPR?
I would love to hear any thoughts or insights on this.