In GDPR and other privacy laws, the data processor processes personal data only on behalf of the controller. The data processor is usually a third party external to the company. It is a person or organization that deals with personal data as instructed by a controller for specific purposes and services offered to the controller that involves personal data processing. According to article 4.8 of the GDPR, the data processor is the following: “processor means a natural or legal person, public authority, agency or another body which processes personal data on behalf of the controller”.


The data processor must assume the obligations established by the GDPR. These specific obligations may be supervised by the data protection authorities. The obligations of the treatment manager are:

Contract with the Data Controller: This contract must establish the object, duration, nature, and purpose of the treatment, the type of personal data and categories of interested parties, and the obligations and rights of the Data Controller.

Must cooperate with the authority: Providing the information requested.

Record of processing activities: The data processor must keep a record of all categories of personal data processing activities carried out under his responsibility like a data controller.

Data Protection Officer (DPO): Designed in the cases provided for in the GDPR.

Security: The data processor must determine the safety measures applicable to the treatments carried out, considering the state of the art, the costs of the application, and the nature, scope, context, and purposes of the treatment.


Call Center: Contact center activities of your organization or now and then use a call center when you want to enable people to dial into a specific number in the scope of a campaign. The company you outsource to then is a processor.

Marketing: Your marketing team processes personal data of potential and existing customers. When it works with an email marketing company, for instance, that uses these data for campaigns. The company you outsource to then is a processor.

Human Research: Some of those Human Research data processing data activities could be outsourced. The company you outsource to then is a processor.

This website is using cookies to improve the user-friendliness. You agree by using the website further. Privacy policy