The data processor is defined as the natural or legal person, public authority, department or other body which processes personal data on behalf of the controller.
The task of the processor is to execute tasks on the instructions and under the responsibility of the controller.
In practice, these are usually the service providers involved in data processing. This naturally includes the data host or a customer service call centre.
The GDPR lays down a number of obligations for data processors, particularly in terms of data security and compliance with the contractual clauses set out in Article 28 of the Regulation.