Data Processor

A data processor is a person or organization that processes personal data on behalf of a data controller. Their role should be regulated in a so-called Data Processing Agreement (DPA) signed between the data controller and data processor.

Among other things, the data processor:

  • must have adequate information security measures in place
  • shouldn’t engage sub-processors without the prior consent of the controller
  • must cooperate with the authorities in the event of an enquiry
  • must report data breaches to the controller as soon as they become aware of them, without undue delay
  • may need to appoint a mandatory Data Protection Officer
  • must give the Data Controller the opportunity to carry out audits examining their GDPR compliance
  • must keep records of all processing activities
  • must comply with EU transborder data transfer rules (if necessary)
  • must help the controller to comply with Data Subject’ rights (including the processing of data subject requests)
  • must assist the data controller in managing the consequences of data breaches
  • must delete or return all personal data at the end of the contract as requested by the controller, and
  • must inform the controller if the processing instructions infringe GDPR

More about Data Processor on Piwik PRO Blog:

Improve Consumer Experience in Healthcare with Analytics and Personalization: 3 Powerful Use Cases

By Karolina Lubowicka, Karolina Matuszewska in Healthcare

We believe that successfully enhancing patients' digital journey depends on understanding their preferences. That’s why it's crucial to base your digital strategy on reliable statistics and measurable data. In the United States alone, 96% of hospitals have switched from paper records to online portals to aid doctors track testing, imaging and visits, then offer patients […]

Read more

Piwik PRO Signs an Open Letter Advocating for a Tighter ePrivacy Regulation

By Maciej Zawadziński, Karolina Lubowicka in Data Privacy & Security, News & Releases

Piwik PRO, together with twelve other companies, has signed an open letter urging EU Member States to include strong privacy safeguards in the new Privacy and Electronic Communications Regulation (ePrivacy Regulation).The letter is an initiative of Articl8, an industry group of pro-privacy companies thriving in the face of fierce competition from businesses that harvest personal […]

Read more