{"id":9039,"date":"2022-02-01T17:54:33","date_gmt":"2022-02-01T16:54:33","guid":{"rendered":"https:\/\/www.cabinetbouchara.com\/sous-traitant\/"},"modified":"2026-02-10T08:57:14","modified_gmt":"2026-02-10T07:57:14","slug":"subcontractor","status":"publish","type":"page","link":"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/subcontractor\/","title":{"rendered":"Subcontractor"},"content":{"rendered":"

Lexicon<\/a> > Subcontractor<\/b><\/span><\/span><\/span><\/p>\n

IT Glossary<\/p>\n

The processor is the natural or legal person who processes personal data<\/a> on behalf of the controller<\/a>.<\/p>\n

The processor must serve the interest of the controller by performing a specific task and following the instructions given by the controller, at least with regard to the purpose<\/a> and the essential elements of the means.<\/p>\n

The processor may, however, enjoy a certain degree of autonomy in carrying out the outsourced processing and thus define the non-essential elements of the processing<\/a> operation.<\/p>\n

However, when a subcontractor acts contrary to the instructions of the responsible for<\/a> the processing, including making decisions about the purpose and the essential elements of the means of processing, it may then be reclassified as a controller and thus subject to the obligations of the latter enshrined in the GDPR<\/a>.<\/p>\n

The controller may only use a processor who provides sufficient guarantees that appropriate technical and organizational measures have been implemented so that the processing meets the requirements of the GDPR and ensures the protection of the data subject.<\/p>\n

This includes considering the outsourcer’s expertise, reliability, and resources before outsourcing the processing.<\/p>\n

In any case, the processing carried out by the processor must be governed by a legal act such as a contract that binds the processor to the controller defining in particular:<\/p>\n