Introduction: The General Data Protection Regulation (GDPR) introduced by the European Union (EU) has significantly impacted how organisations handle personal data. One critical aspect of GDPR is Article 28, which outlines data processors’ and controllers’...