| TIP: GDPR Data Processor Compliance Profile

GDPR Data Processor Compliance Profile, v1.0

Profile of requirements from the General Data Protection Regulation (GDPR) (EU) 2016/679 for the role of a Data Processor.

Identifier

https://artifacts.trustmarkinitiative.org/lib/tips/gdpr-data-processor-compliance-profile/1.0/

Publication Date

2025-05-15

Issuing Organization

TMI (https://trustmarkinitiative.org/) View Contact

No Responder

help@trustmarkinitiative.org

555-555-5555

No Mailing Address

Keywords

GDPR, Data Protection, Privacy, Data Privacy, Data Processor

Legal Notice

This artifact is published by the Georgia Tech Research Institute (GTRI) as part of the Trustmark Initiative. This artifact and the information contained herein is provided on an "AS IS" basis, and GTRI disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, GTRI disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Tree View
Details View

Trust Expression:

TD_AppointmentofEURepresentativebyNonEUEntities and TD_AvailabilityoftheEURepresentativetoSupervisoryAuthoritiesandDataSubjects and TD_ProcessingofPersonalDataOnlyonDocumentedInstructions and TD_ConfidentialityofAuthorizedPersonnel and TD_AssistancetoControllerinRespondingtoDataSubjectRequests and TD_AssistanceinEnsuringCompliancewithArticles32to36 and TD_ReturnorDeletionofPersonalDataafterProcessing and TD_AvailabilityforAuditsandInspections and TD_UseofSubProcessorsUnderEquivalentContractTerms and TD_RestrictionofProcessingtoDocumentedInstructions and TD_MaintenanceofRecordsofProcessingActivitiesbytheDataProcessor and TD_CooperationwiththeSupervisoryAuthority and TD_ImplementationofAppropriateSecurityMeasures and TD_NotificationofPersonalDataBreachtotheDataController and TD_DesignationofaDataProtectionOfficerUnderSpecifiedConditions and TD_DesignationoftheDataProtectionOfficerBasedonExpertiseandProfessionalQualities and TD_PublicCommunicationandSupervisoryAuthorityNotificationoftheDataProtectionOfficer and TD_InvolvementoftheDataProtectionOfficerinAllDataProtectionMatters and TD_SupportfortheDataProtectionOfficersTasks and TD_SafeguardsfortheIndependenceandNonPenalizationoftheDataProtectionOfficer and TD_DefinitionandSupportofDataProtectionOfficerResponsibilities and TD_AdherencetoApprovedCodesofConductwithMonitoring and TD_CompliancewithAccreditedMonitoringBodyforCodesofConduct and TD_CooperationwithCertificationBodies and TD_CompliancewithGDPRRequirementsforInternationalDataTransfers and TD_RelianceonAdequacyDecisionsforDataTransfers and TD_ImplementationofAppropriateSafeguardsforInternationalTransfers and TD_UseofApprovedBindingCorporateRulesforGroupTransfers and TD_RestrictiononThirdCountryAccessWithoutEULegalAuthorization and TD_UseofDerogationsforInternationalDataTransfersWithoutSafeguards and TD_LiabilityforGDPRViolationsCausingDamage and TD_AccountabilityforCompliancewiththeGDPRSubjecttoFines

References (32)

TD Appointment of EU Representative by Non-EU Entities, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 27(1).
ID	TD_AppointmentofEURepresentativebyNonEUEntities
Provider Reference

TD Availability of the EU Representative to Supervisory Authorities and Data Subjects, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 27(3).
ID	TD_AvailabilityoftheEURepresentativetoSupervisoryAuthoritiesandDataSubjects
Provider Reference

TD Processing of Personal Data Only on Documented Instructions, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 28(3)(a).
ID	TD_ProcessingofPersonalDataOnlyonDocumentedInstructions
Provider Reference

TD Confidentiality of Authorized Personnel, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 28(3)(b).
ID	TD_ConfidentialityofAuthorizedPersonnel
Provider Reference

TD Assistance to Controller in Responding to Data Subject Requests, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 28(3)(d).
ID	TD_AssistancetoControllerinRespondingtoDataSubjectRequests
Provider Reference

TD Assistance in Ensuring Compliance with Articles 32 to 36, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 28(3)(e).
ID	TD_AssistanceinEnsuringCompliancewithArticles32to36
Provider Reference

TD Return or Deletion of Personal Data after Processing, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 28(3)(f).
ID	TD_ReturnorDeletionofPersonalDataafterProcessing
Provider Reference

TD Availability for Audits and Inspections, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 28(3)(g).
ID	TD_AvailabilityforAuditsandInspections
Provider Reference

TD Use of Sub-Processors Under Equivalent Contract Terms, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 28(3)(h).
ID	TD_UseofSubProcessorsUnderEquivalentContractTerms
Provider Reference

TD Restriction of Processing to Documented Instructions, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 29.
ID	TD_RestrictionofProcessingtoDocumentedInstructions
Provider Reference

TD Maintenance of Records of Processing Activities by the Data Processor, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 30(2).
ID	TD_MaintenanceofRecordsofProcessingActivitiesbytheDataProcessor
Provider Reference

TD Cooperation with the Supervisory Authority, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 31.
ID	TD_CooperationwiththeSupervisoryAuthority
Provider Reference

TD Implementation of Appropriate Security Measures, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 32(1).
ID	TD_ImplementationofAppropriateSecurityMeasures
Provider Reference

TD Notification of Personal Data Breach to the Data Controller, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 33(2).
ID	TD_NotificationofPersonalDataBreachtotheDataController
Provider Reference

TD Designation of a Data Protection Officer Under Specified Conditions, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 37(1).
ID	TD_DesignationofaDataProtectionOfficerUnderSpecifiedConditions
Provider Reference

TD Designation of the Data Protection Officer Based on Expertise and Professional Qualities, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 37(5).
ID	TD_DesignationoftheDataProtectionOfficerBasedonExpertiseandProfessionalQualities
Provider Reference

TD Public Communication and Supervisory Authority Notification of the Data Protection Officer, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 37(7).
ID	TD_PublicCommunicationandSupervisoryAuthorityNotificationoftheDataProtectionOfficer
Provider Reference

TD Involvement of the Data Protection Officer in All Data Protection Matters, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 38(1).
ID	TD_InvolvementoftheDataProtectionOfficerinAllDataProtectionMatters
Provider Reference

TD Support for the Data Protection Officer's Tasks, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 38(2).
ID	TD_SupportfortheDataProtectionOfficersTasks
Provider Reference

TD Safeguards for the Independence and Non-Penalization of the Data Protection Officer, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 38(3).
ID	TD_SafeguardsfortheIndependenceandNonPenalizationoftheDataProtectionOfficer
Provider Reference

TD Definition and Support of Data Protection Officer Responsibilities, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 39(1).
ID	TD_DefinitionandSupportofDataProtectionOfficerResponsibilities
Provider Reference

TD Adherence to Approved Codes of Conduct with Monitoring, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 40(4).
ID	TD_AdherencetoApprovedCodesofConductwithMonitoring
Provider Reference

TD Compliance with Accredited Monitoring Body for Codes of Conduct, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 41(4).
ID	TD_CompliancewithAccreditedMonitoringBodyforCodesofConduct
Provider Reference

TD Cooperation with Certification Bodies, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 42(3).
ID	TD_CooperationwithCertificationBodies
Provider Reference

TD Compliance with GDPR Requirements for International Data Transfers, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 44.
ID	TD_CompliancewithGDPRRequirementsforInternationalDataTransfers
Provider Reference

TD Reliance on Adequacy Decisions for Data Transfers, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 45(1).
ID	TD_RelianceonAdequacyDecisionsforDataTransfers
Provider Reference

TD Implementation of Appropriate Safeguards for International Transfers, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 46(1).
ID	TD_ImplementationofAppropriateSafeguardsforInternationalTransfers
Provider Reference

TD Use of Approved Binding Corporate Rules for Group Transfers, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 47(1).
ID	TD_UseofApprovedBindingCorporateRulesforGroupTransfers
Provider Reference

TD Restriction on Third-Country Access Without EU Legal Authorization, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 48.
ID	TD_RestrictiononThirdCountryAccessWithoutEULegalAuthorization
Provider Reference

TD Use of Derogations for International Data Transfers Without Safeguards, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 49(1).
ID	TD_UseofDerogationsforInternationalDataTransfersWithoutSafeguards
Provider Reference

TD Liability for GDPR Violations Causing Damage, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 82(2)-(3).
ID	TD_LiabilityforGDPRViolationsCausingDamage
Provider Reference

TD Accountability for Compliance with the GDPR, Subject to Fines, v1.0
Description	Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 83(2)-(6).
ID	TD_AccountabilityforCompliancewiththeGDPRSubjecttoFines
Provider Reference

Sources (1)

GDPR	General Data Protection Regulation (GDPR) (EU) 2016/679, as published in the Official Journal of the European Union (OJ L 119, 4.5.2016, p. 1-88).

Also available as XML or JSON