With the new Data Protection Regulation applicable from May 2018 (GDPR), data processors (i.e. companies, public authorities processing personal data on behalf of a third party) will have new responsibilities. So far, data processors had only a contractual liability vis-Ă -vis