GlossaryData protection

Sub-processor

A third party engaged by a processor to carry out specific processing of personal data on behalf of the controller.

When a processor, such as a SaaS provider, uses another company to help deliver its service, for example a cloud hosting provider, that company is a sub-processor. The GDPR requires the controller's authorization and that the same data protection obligations flow down through a contract.

Maintaining an up-to-date list of sub-processors and notifying customers of changes is a common contractual and transparency requirement.

Related frameworks

GDPR

Run BCMS, ISMS, DSMS, and AIMS as one system

Book a demo

Sub-processor

Run BCMS, ISMS, DSMS, and AIMS as one system

Product

Frameworks

Solutions

Services

Resources

Company

Legal

Sub-processor

Run BCMS, ISMS, DSMS, and AIMS as one system

Product

Frameworks

Solutions

Services

Resources

Company

Legal