Skip to content
News calendar_today Updated: 7 April 2026 schedule 3 min read

B2B Marketplace Participants: Prepare for GDPR Enforcement

The EDPB has issued guidelines on joint controllership for marketplaces. What does this mean if you operate through a B2B platform?

summarize Key Takeaways
  • check_circle The EDPB has clarified that marketplace participants can be joint controllers under GDPR
  • check_circle Both the platform and participants are responsible for GDPR compliance
  • check_circle B2B businesses operating through platforms must ensure their own compliance
  • check_circle Joint controllership requires a formal agreement between the parties

The EDPB provides clarity

The European Data Protection Board (EDPB) has issued guidelines on the concept of controller under the GDPR. A key element: the clarification of joint controllership on online marketplaces.

The example cited by the EDPB is clear: when a platform and its participants jointly determine how customer data is processed, they are joint controllers. This applies to B2C marketplaces, but equally to B2B platforms.

What does this mean for B2B businesses?

If you sell products or offer services through a B2B platform - such as bol.com business, Amazon Business, or a sector-specific marketplace - you may be a joint controller with that platform.

This has concrete consequences:

1. You share responsibility

If something goes wrong with customer personal data on the platform, you as a participant can be held accountable - not just the platform.

2. You need an agreement

The GDPR requires joint controllers to set out in an agreement who is responsible for what. Check whether the platform’s terms cover this.

3. Your own compliance must be in order

The platform may impose requirements on your privacy policy, processing register, and security measures. Without these in place, you could be excluded from the platform.

The trend is clear

The direction of European regulation is unmistakable: businesses cannot hide behind platforms. Everyone in the chain involved in processing personal data bears responsibility.

For B2B businesses operating through platforms, the advice is: ensure your own GDPR compliance is solid, and verify what arrangements the platform makes regarding joint controllership.

auto_awesome Is your compliance platform-ready?

GDPRWise helps you get your processing register, privacy policy, and processing agreements in order.

GW
GDPRWise Editorial

This article was written by the GDPRWise team and reviewed by our privacy experts. We regularly review our content for accuracy and legal correctness.