Skip to content
GDPR Summary GDPR Information online

GDPR Information

For businesses

  • Home
  • SummaryExpand
    • Principles
    • Definitions
    • Personal Data Breaches
  • AgreementsExpand
    • Data Processing Agreement
    • Privacy Policy
    • Internal Routines
    • Records of Processing Activites
  • RolesExpand
    • Controller
    • Processor
  • Guides
  • BlogExpand
    • News
    • Articles
    • Information
    • Legal Bases
GDPR Summary GDPR Information online
GDPR Information
For businesses

Personal Data Processor according to the GDPR

The company that according to the GDPR is the Personal Data Processor, must process personal data belonging to EU citizens correctly. The processing must take place in accordance with the Controllers instructions. 

What is a Personal Data Processor?

The party who processes personal data on behalf of a personal data controller is the Personal Data Processor according to the GDPR. A Personal Data Processor is always outside of the Controller’s own organization. For example, it may be a natural or legal person, public authority, institution or other body.

The Controller, a company for instance, can hire a Personal Data Processor, for the processing of personal data on behalf of the company. For example, it is common for an accounting consultant, e-mail provider, hosting provider, cloud storage site to act as a Personal Data Processor. This is because the company shares personal data for which they are responsible for, to such service provider. The service provider then processes the personal data on behalf of the company.

In such cases, the Controller must provide written instructions to the Processor as to how the processing may proceed. According to the GDPR, the Personal Data Processor is obliged to follow the instructions. And it also has various rights and obligations under the regulation.

The Personal Data Processors used by the Controller must be able to provide sufficient guarantees that the processing meets the requirements of the GDPR. And also that they ensure that the data subject’s rights are protected in accordance with the GDPR.

Article 28 of the GDPR

Personal Data Processor and its personnel may only process personal data in accordance with the written instructions from the Controller. Such instructions shall be provided in connection with the parties entering into a Data Processing Agreement. According to the GDPR, the parties must enter into such an agreement with each other before the processing may begin. For instance, the processing of personal data on behalf of the Controller. The GDPR contains clear instructions and requirements regarding what such an Agreement must contain. These can be read in article 28 of the GDPR. 

For example, the Processor may not hire his own Sub-Processors without prior written permission from the Controller.

Here is more information about the Data Processing Agreement.

A novelty in the GDPR is that some of the obligations that previously applied to the Controller now also apply to the Processor.

For example, the requirements to keep records of processing activites, to ensure an appropriate level of security and, in some cases, to appoint a data protection officer.

The Controller is the one who is responsible if a Personal Data Processor processes the personal data in violation of the GDPR. However, a Processor may also be subject to supervision by the Supervisory Authority or to administrative penalty fees and be liable for damages.

GDPR Personal Data Processor GDPR information online

News about GDPR and reviews from supervisory authorities

In addition to this information, you can also read our GDPR summary. And also about various news about the GDPR on this website. For example, audits carried out by Supervisory Authorities and sanction fees that they distribute. By learning from mistakes from others, it is possible to avoid making similar mistakes yourself. In addition, you can find information that is important and good to know as an entrepreneur as well as guides.

News
Definitions in Article 4 of GDPR information online

Summary of the GDPR for Companies, Entrepreneurs and Businesses

There is a lot of information about the GDPR that is important for companies, entrepreneurs and businesses to know about. We have therefore written a GDPR Summary and mention various key elements. Therefore, we are able to provide an overview of the GDPR, what it means and what companies must do to comply with the EU regulation.

Read the summary

Links

Home

GDPR Summary

Agreements for companies 

Free GDPR Guides 

 

 

Popular Subjects

Who can be a Controller? 

Who shall breaches be reported to?

Data Protection Principles

EDPB Guide 

GDPR Summary GDPR Information online
www.GDPRINFORMATION.com

© 2025 GDPR Information

Scroll to top
The website uses cookies
We would like to use Google's analytics cookies, to be able to analyze how the website is used and to publish more relevant content. When you click on "Accept", we have the right to collect unidentified information about your use of this website and your device. You have the right to withdraw your consent at any time. By clicking on "Accept", you agree to the use of Google's analytics cookies. However, you can visit the settings to provide customized consent. Read more in our cookiepolicySettingsAccept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously. Necessary cookies are placed automatically and do not require your consent.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
CookieDurationDescription
_ga2 yearsThis cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_137823009_51 minuteThis cookie is set by Google and is used to distinguish users.
_gid1 dayThis cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
Save & Accept
  • Home
  • Summary
    • Principles
    • Definitions
    • Personal Data Breaches
  • Agreements
    • Data Processing Agreement
    • Privacy Policy
    • Internal Routines
    • Records of Processing Activites
  • Roles
    • Controller
    • Processor
  • Guides
  • Blog
    • News
    • Articles
    • Information
    • Legal Bases