General Data Protection Regulation (GDPR) has introduced new obligations regarding controller and processor governance. Both data controllers and processors are responsible for handling the personal data of the stores customers. Controllers and processors need to be in sync about what personal data is transferred and how it’s processed, processed and reported. You should consider three stages for your vendor compliance program: contractual readiness, ongoing governance, compliance and audit. For example, a department store (controller) collects the data of its customers when they make purchases, while another organization stores, digitizes and catalogs all the information produced by the department store.”]
Source: https://securityintelligence.com/playing-it-smart-for-data-controllers-and-processors/