Processors have more legal obligations placed on them in the case of a breach however a controller will be responsible for ensuring the contracts with the processor comply with the GDPR.Continuously monitor the performance of your ISMS and gather veri to measure its effectiveness and to make improvements where necessary in order to protect veri.ISO