According to Article 32. GDPR, the data processor shall also – independently from the data controller – evaluate the risks to the rights and freedoms of natural persons inherent in the processing and implement measures to mitigate those risks. To this effect, the data control- ler shall provide the data processor with all information necessary to identify and evaluate such risks.
