GDPR: Potential fines for data security breaches more severe for data controllers than processors • The Register:
"One of the many changes that the new Regulation will deliver when it comes into force on 25 May 2018 is a new statutory obligation on data security that data processors must observe above and beyond contractual duties agreed with data controller customers."