A Data Processor is an entity that processes personal data on behalf of and under the instructions of a Data Controller. The processor handles personal data according to contractual agreements and does not determine the purposes or means of processing.
Data Processor
Regulatory Definitions
- GDPR (Article 4(8)): A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller. Under GDPR, processors have specific obligations including implementing appropriate technical and organizational measures (Article 32), ensuring confidentiality of personnel (Article 28(3)(b)), and notifying controllers of personal data breaches (Article 33(3)). Processors may only act on documented instructions from the controller (Article 28(3)(a)).