The processor «processes personal data on behalf of the controller», performing on the instructions of the controller. In contrast to the earlier regulation, the GDPR imposes direct obligations on each the controller and the processor, though fewer obligations are imposed…