A Processor is “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”.

From now on, the processors have responsibilities regarding the GDPR. The CNIL has published a guide to raise their awareness and assist them in the concrete implementation of their obligations.

This guide has clarified the notion of “processor”, its scope, the main changes to the processor’s obligations regarding the protection of personal data introduced by the GDPR. It also reiterated the sanctions in case of non-compliance with the provisions of the GDPR.

It also analysed the obligation to draft an agreement with each processor, giving an example of contractual out-sourcing clauses.