Responsibilities of the Data Processor

< Back
You are here:

Broadly speaking a data processor has the same obligations as a data controller, however there are some nuances which should be noted. 

Processors must also:


    • Perform only the processing defined by the data controller (or legal requirements)

    • The processor needs to obtain the written consent of the data controller before it can appoint a sub-processor

    • The same rules and constraints about personal data in the controller/processor contract must be duplicated in any contracts with sub-processors

There are circumstances where the data processor must update
the data controller of events:


    • If the processor anticipates that the controller’s instructions and operations
      will conflict with the GDPR’s requirements or laws of the EU Member state under
      question, the processor is obliged to inform the data controller immediately,
      without any undue delay

  • Processors must notify any data breach to the Data Controller immediately, without delay and must assist the controller in handling the breach
  • Processors must notify the Data Controller of any data subjects rights request immediately, without delay and must assist the controller in handling the breach.
A significant requirement is that Data Controller / Data Processor relationships must have a contract in place.

Mark Roebuck

Mark Roebuck

Building a career around data led programme management Mark recognised that existing data compliance solutions were complex and difficult for clients to use. Frustrated with the options he founded ProvePrivacy to provide an effective and simple to use data protection compliance solution.

Copyright:  All information and articles provided represent the views of ProvePrivacy Limited and our contributors.  They do not constitute legal or data protection advice. All rights reserved.

You Might Also Like