Processors - the new obligations

Although the Island’s current Act will still not apply to data processors, the GDPR will apply directly to some processors in certain respects. Processors will be subject to greater regulatory and judicial exposure.

The GDPR defines “processors” as “a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller”. 

Which Island processors will it affect?

An Island processor must comply with certain aspects of the GDPR is it undertakes processing on behalf of ANY data controller (irrespective of the data controllers jurisdiction) and that processing is 

“related to:

Such processors will need to acquire an understanding of the basics of what “data protection” means and how it works and what elements of the GDPR they must comply with.

Processors should note in particular: