Subprocessor

A subprocessor is a third-party service provider contracted by a data processor to process personal data on behalf of the data controller. In data protection regimes such as the GDPR, processors may engage subprocessors only with the controller’s prior written authorization and under a contract that imposes data protection obligations at least as stringent as those in the main agreement.

The controller determines the purposes and means of processing; the processor acts on the controller’s behalf.

Contractual controls require a written data processing agreement that binds the subprocessor to data protection obligations,

Rights and liability: The controller has the right to approve or object to proposed subprocessors. The processor

Subprocessors are a common feature of outsourced processing arrangements and are a key element of modern data