Not an expert at all, but my basic understanding of GDPR is if you outsource a service to a 3rd party and they collect data or do any processing that they shouldn't, you are essentially responsible.
It makes sense. I'm the one selecting the tooling afterall so I should also be responsible for making sure to comply with whatever laws/directives there are.
This being said, it feels unfair when you try to comply but somebody fucks you over.
This being said, it feels unfair when you try to comply but somebody fucks you over.