What is a third party in GDPR?

According to Article 4(10) of the GDPR, a third party is a natural or legal person, public authority, agency or body other than the data subject, controller, and processor who is authorized to process personal data by the controller or processor. Third parties could include social media plugins that you use on your website.

Note that under GDPR, a third party is different from a processor that processes data on behalf of the controller, such as an email marketing tool, hosting provider or CRM software. They do not process data for their own interest and are pursuant to a written contract. However, the third-party receives personal data from the controller and is authorized to process it as they want. They are not pursuant to a written contract like a processing agreement and may process data for their own interest.

Start your compliance right away

14-day free trialCancel anytime

Get started for free

View plans

What is a third party in GDPR?

See also

Start your compliance right away

Get Started

Products

Solutions

Resources

Free Tools

Compare

Company

PartnersJoin us!

Legal

What is a third party in GDPR?

Related articles

See also

Start your compliance right away