ProvePrivacy Logo | Blue Green

Back to home


Responsibilities of the Data Processor

Stakeholders | ProvePrivacy | Article Image 29

Broadly speaking a data processor has the same obligations as a data controller, however there are some nuances which should be noted. 

Processors must also:

  • Perform only the processing defined by the data controller (or legal requirements)
  • The processor needs to obtain the written consent of the data controller before it can appoint a sub-processor
  • The same rules and constraints about personal data in the controller/processor contract must be duplicated in any contracts with sub-processors

There are circumstances where the data processor must update
the data controller of events:

  • If the processor anticipates that the controller’s instructions and operations
    will conflict with the GDPR’s requirements or laws of the EU Member state under
    question, the processor is obliged to inform the data controller immediately,
    without any undue delay
  • Processors must notify any data breach to the Data Controller immediately, without delay and must assist the controller in handling the breach
  • Processors must notify the Data Controller of any data subjects rights request immediately, without delay and must assist the controller in handling the breach.

A significant requirement is that Data Controller / Data Processor relationships must have a contract in place.

You might also like

Scroll to Top

Contact us

If you would like to ask more questions or to arrange training, complete the form below and we will respond shortly.

See our Privacy Statement for more details.

Get expert tips and business insights