To print this article, all you need is to be registered or login on Mondaq.com. While former data protection laws, such as the European Data Protection Directive 95/46/EC (the "Directive"), mostly addressed data controllers, the General Data Protection Regulation ("GDPR") imposes several obligations upon data processors. Before its entry into force in 2018, the controller was entrusted with ensuring compliance when employing processors via contractual agreements; the GDPR's approach is different: Although processors are still bound by the controllers' instructions, the GDPR allocates responsibilities between the parties by assigning processors an active role and introducing direct statutory obligations as well as significant fines of up to