GDPR for data processors - get a handle on your responsibilities  

As a data processor, you process personal data on behalf of a customer - typically a data controller. 

You have an obligation to protect the data you handle and meet the requirements of GDPR - both technically and organizationally. This requires documentation, control and transparency. 

What is a data processor in GDPR? 

A data processor is a company that processes personal data on behalf of a data controller - for example a hosting partner, software provider or external consultant. 

What should a data processor be able to document? 

• Signed and updated data processing agreements 

• Who are sub-processors and how they are handled 

• Description of the security measures you have implemented 

• Personal data breach procedures 

• Access control, logging and data integrity 

• Clear roles and understanding of instructions 

When do data processors typically need help? 

• When customers ask for documentation of your GDPR efforts 

• When GDPR requirements create uncertainty or ambiguity 

• When you lack internal resources to follow up and keep track of documentation 

When you need to use an auditor's report as credible evidence  

Do you need practical help? 

We help data processors understand and fulfill their responsibilities - and establish a structured and realistic approach to GDPR compliance. 

Read more about our consulting services here 

Do you need to document your responsibilities and safety levels? 

We prepare ISAE 3000 declarations that document your GDPR compliance as a data processor - for customers, partners and authorities. 

Read more about our declarations here

Tool: Lexoforms 

Lexoforms is a powerful compliance tool to keep track of data processing agreements, security measures and your documentation. 

Read more about Lexoforms 

---

Frequently asked questions (FAQ) 

---

Contact us - we help you reach your goal 

We are ready to help you build or document your GDPR setup as a data processor.