A Sub-Processor is a third party data processor engaged by a Data Processor who has or will have access to or process personal data from a Data Controller.

    In order to use a sub-processor, the processor needs to have the controllers written permission. The terms regarding the usage of a sub-processor can be regulated between the controller and processor in their data processing agreement. If the controller has approved the usage of a sub-processor, the processor needs to establish a contract between him and the sub-processor that meet the requirements of a DPA in article 28(3) GDPR.

    It is also vital to notice that the processor who hire a sub-processor always will be liable to the controller regarding the sub-controllers compliance.


    Expert Legal Advice that strengthens your digital strategy

    Connect with our experts in technology and data protection law. SaaS. License agreement. Cloud services. Business-minded.

    Get a quote today from the business law firm Sharp Cookie Advisors