The processor and any person acting under the authority of the controller or of the processor, who has access to personal data, shall not process those data except on instructions from the controller, unless required to do so by Union or Member State law.
Home » What We Do » Digital Regulations Database » EU GDPR Digital Regulation » View Regulation – EU GDPR » Chapter 04: Controller and processor » Chapter 04 – Section 01 – General obligations » Article 29: Processing under the authority of the controller or processor