An entity that processes PII on behalf of the data Controller.
The data Controller provides instructions to the data Processor for the processing.
As the Processor is acting on behalf of the Controller, they are responsible for having organisational and technical security measures in place.
The data Controller is responsible if a data breach or event occurs. However they may claim from the Processor, if they acted below data protection standards agreed contractually or under the relevant law.
