GDPR

Data Processor

Under GDPR, a data processor is any organization that processes personal data on behalf of a data controller, following its instructions, under a contract that precisely governs this relationship.

Why it matters

The data controller remains liable for its processors' failures; selecting and contractually governing them is an integral part of GDPR compliance.

Concrete example

A company signs a GDPR data processing agreement with its cloud hosting provider, specifying security measures and the conditions for any further sub-processing.

Related notions

Data controllerData processing agreementStandard contractual clauses

Assess your organization's maturity on this topic

Start the diagnostic
Back to glossary