A data processor is a person or organization that processes personal data on behalf of a data controller. Their role should be regulated in a so-called Data processing agreement (DPA) signed between the data controller and data processor.

Among other things, the data processor:

  • must have adequate information security measures in place
  • shouldn’t engage sub-processors without the prior consent of the controller
  • must cooperate with the authorities in the event of an enquiry
  • must report data breaches to the controller as soon as they become aware of them, without undue delay
  • may need to appoint a mandatory Data protection officer
  • must give the Data controller the opportunity to carry out audits examining their GDPR compliance
  • must keep records of all processing activities
  • must comply with EU transborder data transfer rules (if necessary)
  • must help the controller to comply with Data subject ’ rights (including the processing of data subject requests)
  • must assist the data controller in managing the consequences of data breaches
  • must delete or return all personal data at the end of the contract as requested by the controller, and
  • must inform the controller if the processing instructions infringe GDPR

More about Data Processor on Piwik PRO blog:


  • PHI and PII

    PHI and PII: How they impact HIPAA compliance and your marketing strategy

    Personally identifiable information (PII) and protected health information (PHI) may seem similar. However, there are critical distinctions between the two. While PII is a catch-all term for any information that can be associated with an individual, PHI applies specifically to HIPAA-covered entities dealing with identifiable patient information. Keeping HIPAA compliant and protecting patient information requires…

  • How can healthcare organizations benefit from using a customer data platform (CDP)

    Like many industries, healthcare has been undergoing significant change and is under immense pressure. Patients expect personalized healthcare experiences, but are increasingly aware of their privacy rights and demand that their data is safe and not misused. Healthcare providers have been seeking ways to connect, scale, and leverage customer data more effectively to meet consumers’…