To print this article, all you need is to be registered or login on Mondaq.com.
While former data protection laws, such as the European Data
Protection Directive 95/46/EC (the "Directive"), mostly
addressed data controllers, the General Data Protection Regulation
("GDPR") imposes several obligations upon data
processors. Before its entry into force in 2018, the controller was
entrusted with ensuring compliance when employing processors via
contractual agreements; the GDPR's approach is different:
Although processors are still bound by the controllers'
instructions, the GDPR allocates responsibilities between the
parties by assigning processors an active role and introducing
direct statutory obligations as well as significant fines of up to