A data processor is a third party that processes personal data on behalf of a controller instead of deciding the purposes on its own.
Processors are commonly SaaS vendors, cloud infrastructure providers, analytics providers, support tools, and other service partners that touch personal data while performing a contracted service.
When a business relies on processors, it usually needs clear contractual terms, security controls, retention limits, and evidence that processor oversight is operational rather than theoretical.
Related reading: