Sub-Processor

10 Dec 2018

A Sub-Processor is a third party data processor engaged by a Data Processor who has or will have access to or process personal data from a Data Controller.

In order to use a sub-processor, the processor needs to have the controllers written permission. The terms regarding the usage of a sub-processor can be regulated between the controller and processor in their data processing agreement. If the controller has approved the usage of a sub-processor, the processor needs to establish a contract between him and the sub-processor that meet the requirements of a DPA in article 28(3) GDPR.

It is also vital to notice that the processor who hire a sub-processor always will be liable to the controller regarding the sub-controllers compliance.

New SCCs from EU – the Definitive Guide
How to Customise your new SCCs
Glossary: Data Sharing Agreement
Data Processing Agreement Basics

Related Terms:

Term: Data Processor
Term: Data Controller
Term: Data Processing Agreement
Term: Sub-Processor
Term: Third Party
Term: Processor
Term: Personal Data
Term: Controller
Term: General Data Protection Regulation
Term: Compliance

European Essential Guarantees Recommendations

Data Protection Officer (DPO) guide

DPO conflict of interest

New SCCs from EU – the Definitive Guide

Legitimate Interest Assessment – all You Need to Know

GDPR article 49 derogations applicable to international transfers

How GDPR Affects Recruitment

Retention Policy – An overview

Sub-Processor

Follow to stay updated

most viewed

Schrems II a summary – all you need to know

What is a Personal Data Breach?

Audit Powers of the Data Protection Authority: How to Prepare

trending now

DPO conflict of interest

Schrems II a summary – all you need to know

Extra sensitive data