Processors have more legal obligations placed on them in the case of a breach however a controller will be responsible for ensuring the contracts with the processor comply with the GDPR. Organizations dealing with high volumes of sensitive data may also face internal risks, such bey employee