Glossary/Data Processor
GDPR Art. 4(8)

Data Processor

An entity that processes personal data on behalf of a data controller.

A data processor is any person or organization that processes personal data on behalf of a data controller, acting under the controller's instructions. Processors have direct obligations under GDPR including maintaining processing records and implementing appropriate security measures.

Common examples of data processors include: cloud hosting providers, email service providers, analytics tools, and payment processors.

Processors must sign a Data Processing Agreement (DPA) with the controller and may only engage subprocessors with prior written authorization. Processors that exceed their instructions and act as controllers can be held directly liable.

Related Terms
Data ControllerData Processing Agreement (DPA)SubprocessorGeneral Data Protection Regulation (GDPR)
Put it into practice

Generate a GDPR Art. 4(8) policy in 60 seconds

Our AI drafts privacy policies, terms of service, and cookie policies that cover GDPR Art. 4(8) requirements — tailored to your business.

Draft Free PolicyBack to Glossary