Under the GDPR, a data processor is an organization, entity, or individual that processes personal data on behalf of a data controller. Data processors are typically third-party service providers, such as cloud computing companies, payroll processing firms, or marketing agencies, that handle personal data as part of their services