What Is Data Processor?
Data Processor is an entity that processes personal data on behalf of, and on the instructions of, a data controller.
Data Processor — an entity that processes personal data on behalf of, and on the instructions of, a data controller.
A processor acts for the controller and cannot use the data for its own purposes. The relationship must be governed by a contract setting out security and confidentiality duties (GDPR Article 28). Many AI vendors are processors for their customers — but if a vendor starts using customer data to train its own models, it may have become a controller, with all the attendant duties.
Source: GDPR, Articles 4(8) and 28
Plain-language explanation
A processor acts for the controller and cannot use the data for its own purposes. The relationship must be governed by a contract setting out security and confidentiality duties (GDPR Article 28). Many AI vendors are processors for their customers — but if a vendor starts using customer data to train its own models, it may have become a controller, with all the attendant duties.
Related terms
See where you stand on AI governance
Take the free 7-question maturity assessment and get a personalised action plan.
Free assessment — 3 minutes →