The legal or natural person, organization, or institution which processes personal data on behalf of the controller, and should not engage another processor without the specific written authorization of the controller. Normally, the data processor is a third-party company chosen by the data controller to process the data.
Data Processor is responsible for creating and implementing processes that enable the data controller to gather data, store the data, and transfer it if necessary.
Also, the data processor needs to take security measures to protect the collected personal data.