An organisation which handles data on the instructions of another individual or organisation is called a data processor.
Explanation
- A data processor is an individual, organisation, or entity that processes personal data on behalf of a data controller, following their instructions.
- The data processor does not decide the purpose or means of processing the data; these decisions are made by the data controller.
- The data processor's responsibilities and duties are typically outlined in a contract or legal agreement with the data controller.
- Examples include cloud service providers, payroll services, or third-party companies that manage data without owning or controlling it.
This distinction is important under data protection regulations such as the GDPR, which clearly differentiate between data controllers (who determine why and how data is processed) and data processors (who only execute processing based on instructions).
