Data Processor
In Simple Terms
A person or organization that processes personal data on behalf of a data controller, following their instructions.
Formal Legal Definition
As defined in Article 4(8) GDPR, a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Practical Example
A cloud hosting provider that stores a law firm's client data is a data processor — it handles the data but doesn't decide how it's used.
Difference from Related Terms
Unlike a Data Controller, a Data Processor does not determine the purposes of processing. It must follow the Controller's instructions and have a Data Processing Agreement in place.
Why It Matters
Processors have their own GDPR obligations including security measures, record-keeping, and breach notification to the controller. They can be directly fined for non-compliance.
Related Terms
How snowLEX helps with Data Processor
snowLEX can help draft and review Data Processing Agreements, explain processor obligations, and identify when an organization crosses from processor to controller status.
Try snowLEX Free