Hi All, If I am a website supplier and provide sites that have contact forms, these need to be updated for GDPR, what if a customer does not want to pay for this? I assume they be liable for any GDPR issues as they are the Data Controller? Also in this scenario, as a website provider I would be a Data Processor that is processing data on behalf of my client, The data controller. If the website has no means of deleting data permanently or facilities to extract all the personal data including last IP addresses. I assume we can charge our customer for this, as this is additional processing, we are not bound to the end user as we are not the data controller? Your thoughts..