Refers to any person who processes personal data on behalf of a controller.

The term processor may have specific definitions in certain jurisdictions. For example, under the General Data Protection Regulation (GDPR), a processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of a controller (Article 4(8), GDPR). For further information, see Practice note, Overview of EU General Data Protection Regulation: GDPR: definitions: controller and processor.

Processors were previously known as “data processors” under the Data Protection Act 1998 (DPA 1998). For information on data processors under the DPA 1998, see Practice note, Data Processor Obligations Under the GDPR: GDPR Controllers and Processors.