Responsibilities of processors
Processors have less autonomy and independence over the data they process, but they do have several direct legal obligations under the Applied GDPR and are subject to regulation by the Information Commissioner. If you are a processor, you have the following obligations:
- Registration requirement
- Security obligations
- Relationship with controllers more strictly regulated
- Applicability of offences, penalities and sanctions
- Powers of the Information Commissioner
- Rules on data transfers and disclosures
- Requirement for records of activity to demonstrate compliance
- Requirement for a data protection officer
- Provide assistance to controllers in respect of data protection impact assessments and prior authorisation.