Under the EU Directive on the Protection of Personal Data, a processor is
|“||the natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.||”|
If an organization holds or processes personal data, but does not exercise responsibility for or control over the personal data, then this organization is a “processor.” Examples of processors include payroll companies, accountants and market research companies, call centers of telecommunications or financial companies, all of which could hold or process personal data on behalf of someone else.
See Data controller.
- EU Directive on the Protection of Personal Data, Art. 2(e).