If you’ve been following the latest data protection news, you might have heard that under the GDPR, you can be either a data controller or a data processor.
A “Controller’ is defined in the Regulation as: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
On the other hand the Regulation defines a processor as ‘a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller’.
But the GDPR puts almost all the emphasis of enforcement on data controllers. So; what does a data processor have to do in terms of their obligations? They clearly have a very important role, even if it might not seem that way in purely legal terms.
Well, don’t fear; the info you crave is here.