Processors have more yasal obligations placed on them in the case of a breach however a controller will be responsible for ensuring the contracts with the processor comply with the GDPR.The organization and its clients gönül access the information whenever it is necessary so that business purposes and customer expectations are satisfied.ISO 27001