OneTrust Certified Privacy Professional Practice Exam

Data processors have a specific obligation under the General Data Protection Regulation (GDPR) to follow the instructions provided by the data controller. The relationship between a data controller and a data processor is defined by the roles they play in data handling. The data controller determines the purposes and means of processing personal data, while the data processor processes data on behalf of the controller.

This obligation means that data processors cannot make independent decisions about personal data processing that deviate from the instructions given by the data controller. It is essential for ensuring compliance with data protection principles, safeguarding the rights of data subjects, and maintaining the integrity of the processing activities. By strictly adhering to the controller's instructions, data processors contribute to a more secure and compliant data processing environment.

In contrast, some of the other options do not accurately reflect the obligations of data processors under the GDPR. For instance, the idea of processing data without restrictions contradicts the need for accountability and adherence to instructions, and the suggestion to delete all data upon request does not align with the GDPR's requirements, which depend on specific legal bases and conditions for processing data. Additionally, while processors may have obligations to report data breaches, their disclosure must typically be coordinated with the data controller, making independent action inappropriate. Hence, following