The term "data processor" (processor), along with the term "data controller" (controller), is crucial for allocating the legal obligations arising from the GDPR and are essential for protecting the rights and freedoms of data subjects.
Regarding a data processing (agreement), a company processes personal data on behalf of the controller. In this context, the controller specifies in a data processing agreement how exactly the personal data is to be processed by the processor. The processor is therefore bound by instructions to the controller.
Typical examples of data processing (agreements) are:
-
Forwarding of address lists to a lettershop
-
Disposal (destruction, deletion) of data carriers with personal data by service providers,
-
Storage of personal data in the cloud,
-
Processing of customer data by a call center without significant own decision-making scope there,
-
Data capture, data conversion or scanning of documents containing personal data,
-
payroll or financial accounting by data centers,
-
electronic invoicing