What is a data processor according to GDPR?

A data processor is a person, agency, public authority, or any other body that processes personal data on behalf of a data controller. The data processor does not own or control the data that they process and must only process data according to the instructions given by the data controller.

Some of the common examples of data processors include analytics tools like Google Analytics, accounting software, HR software and market research tools.

Data processors don’t have the same level of legal obligations as data controllers however, as per Article 28, they must implement appropriate organizational and technical measures to meet the guidelines set out by the GDPR.