Obligations as GDPR Data Processors

VTSHosting Ltd falls under the classification of a Data Processor as we process and store the data of clients (Data Controllers) as part of our hosting service.

Choice of who we use as sub processors

We can only appoint sub processors e.g. for our server management or to outsource data backups that have demonstrated full GDPR compliance

Restrictions on Sub-Contracting

Under the terms of the GDPR, we cannot subcontract out any part of our service without the written consent of the Data Controllers who are using our service.

The contractual obligations supplied by any sub contracted processors must reflect the same contractual obligations between ourselves as processors and the controllers.

Data Processing Agreement

We can only process personal data on behalf of the controller where a contract is in place between us that outlines the service provided and the terms on us as your Data Processor . We have to ensure that we are only acting on the documented instructions of the controller.


Under the terms of the GDPR, we are required to implement appropriate security measures

Data Breach

We must inform controllers of any data breach without any undue delay after becoming aware

Keep records of our processing activities

We must maintain records on several things such as processing purposes, data sharing and retention.