Main obligations of processors in the processing of personal data
Obligations of processors towards the controller
The processor may only process personal data to the extent permitted by his agreement with the controller and he must follow the instructions for the processing set out by the controller.
The processor must also assist the controller in ensuring that the processing is in accordance with data protection laws.
If the processor's is aware of any data protection risks or breaches he shall inform the controller immediately.
Independent responsibility of processors
In addition to the obligation the processor has towards the controller, he is also independently responsible for the compliance of his activities with data protection laws.
The processor is responsible for, among other things:
prepare a record of the processing it performs on behalf of the controller,
follow the provisions of the processing agreement strictly, i.e. he/she may only process personal data according to the documented instructions of such agreement or other legal act between the parties,
ensure the security of the personal data that it processes in its activities in accordance with the data protection legislation