
GDPR: How important is the role of data processors and compliance officers?

12th October 2017 by Alex Bateman in Virtual College. Last updated on 24th April 2018.


With the introduction of the GDPR in May 2018, businesses operating in Europe will have to appoint additional data processors and compliance officers to cope with the changes.

As of May 2018, the General Data Protection Regulation (GDPR) will greatly increase the accountability of data processors and compliance officers, meaning that their roles will become more important than ever before.

For the first time in data processing history, professionals in these roles will have a direct obligation to comply with certain data protection requirements that previously only applied to data controllers.

The GDPR will create a greater balance between the responsibilities placed on data controllers and data processors. This will dramatically increase the risk profile for entities - like cloud and data centre providers - that act as data processors.

How will this impact businesses?

For every business that deals with the processing of data, this change will affect not only processors but also the controllers that engage them.

With the GDPR, it is likely that there will be more attention given to negotiating data processing agreements. This is because processors will seek to ensure that:

  • Increased costs of compliance are reflected in the cost of their services
  • The scope of the controller’s instructions is clear
  • The increased risks are appropriately allocated between the parties.

Companies should also consider reviewing their existing data processing agreements to ensure they have met the correct compliance obligations under the GDPR.

How is this different from current procedures?

Under current law, only the controller is held liable for data protection compliance, not the processor. However, under the GDPR, there will be a direct statutory obligation on data processors so that they may be subject to direct enforcement by supervisory authorities.

In addition, they could face serious fines for non-compliance and compensation claims by data subjects for any damage caused by breaching the GDPR.

What are the obligations that apply to data processors?

Once the GDPR is enforced, a series of obligations will apply to data processors, including:

  • Data processing agreements - personal data can only be processed on behalf of the controller when there is a written contract in place that imposes mandatory terms on the data processor.
  • Sub-processors - processors cannot engage a sub-processor without the prior written authorisation of the controller.
  • Controller instructions - personal data can only be processed in accordance with the instructions of the controller.
  • Accountability - records must be maintained of data processing activities and they must be available to the supervisory authority on request.
  • Co-operation - processors must co-operate with the supervisory authority.
  • Data security - appropriate security measures must be taken and controllers must be informed of any data breaches suffered.
  • Data protection officers - processors must, in specified circumstances, designate a data protection officer.
  • Cross-border transfers - restrictions regarding cross-border transfers must be complied with.
  • Sanctions - should processors fail to comply, they risk fines of up to four per cent of global annual turnover.

Ensure your business is prepared for the upcoming GDPR changes by signing up to our free overview course.

Author: Alex Bateman

Alex is interested in the strategic application of learning and development. In particular how organisations can promote engagement with ongoing learning campaigns. He spends his spare time renovating his Victorian house. Ask him about his floors, I dare you.
