The natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

    For a controller to use a processor, it must ensure that the processor can meet the requirements stated in Art. 28 GDPR. This means that the controller, for example, only could choose a processor that can guarantee to implement appropriate technical and organisational measures in such manners that the processing still meets the requirements of GDPR.

    The controller must also ensure that a data processing agreement between them and the processor are being signed. The agreement needs to comply with the requirements stated in Art. 28 (3).


    Need templates, second opinion or support for your DPAs?

    Connect with leading experts with a multitude of templates. Reviewing a customer DPA – ask for a second opinion from our experts. Track record with leading European startup, mid-size companies and listed global enterprises.

    Get a quote today from the business law firm Sharp Cookie Advisors