GDPR Glossary Also known as: processor
A third party that processes personal data on behalf of, and under the instructions of, a data controller.
A data processor processes personal data on behalf of a controller and only on the controller's documented instructions. Cloud hosts, payroll providers, email platforms and analytics vendors are typical processors.
Processors have direct obligations too — security, sub-processor controls, breach notification to the controller, and a written contract (a Data Processing Agreement) under Article 28.
In the Regulation
Related terms
Data controllerThe organisation or person that decides why and how personal data is processed — and carries primary responsibility under the GDPR.Data Processing AgreementThe mandatory written contract that must be in place between a controller and a processor.ProcessingAlmost anything you do with personal data — collecting, storing, using, sharing, or even deleting it.
Need this applied to your business?
Our data-protection lawyers turn GDPR terms into a working plan.