A data processor is a person or organization that processes personal data on behalf of a data controller. Their role should be regulated in a data processing agreement (DPA) signed between the data controller and the data processor.
Among other things, the data processor:
- must have adequate information security measures in place
- shouldn’t engage sub-processors without the prior consent of the controller
- must cooperate with the authorities in the event of an enquiry
- must report data breaches to the controller as soon as they become aware of them, without undue delay
- may need to appoint a mandatory data protection officer
- must give the data controller the opportunity to carry out audits examining their GDPR compliance
- must keep records of all processing activities
- must comply with EU transborder data transfer rules (if necessary)
- must help the controller to comply with data subjects’ rights (including the processing of data subject requests)
- must assist the data controller in managing the consequences of data breaches
- must delete or return all personal data at the end of the contract as requested by the controller, and
- must inform the controller if the processing instructions infringe GDPR