Processors have more legal obligations placed on them in the case of a breach however a controller will be responsible for ensuring the contracts with the processor comply with the GDPR. The GDPR applies to two types of users, of which we will undoubtedly all fall; Controllers and Processors.