Processors have more legal obligations placed on them in the case of a breach however a controller will be responsible for ensuring the contracts with the processor comply with the GDPR.Certification is valid for three years and is maintained through a programme of annual surveillance audits and a three yearly recertification audit. See more detail… Read More