The processor is not required to assist the controller in ensuring compliance with the obligations under the GDPR.

The processor can apply another processor without any authorization from the controller.

The processor is allowed to keep personal data after the end of the provision of services without deleting existing copies.

The processor shall act only on instructions from the controller, especially where the transfer of personal data is prohibited.