Part 8 of Future-Proofing Privacy: Data Processors’ New Obligations. The Regulation will impose a number of compliance obligations and possible sanctions directly on service providers. This is a significant change as currently service providers do not have any direct obligations to comply with EU data protection law (their obligations derive from their contracts with controllers). Future proof deals being negotiated now. Controllers and processors should carefully document the responsibilities of the parties and specifically take into account the forthcoming changes when deciding on providing consent for subprocessors, pricing, security standards and risk allocation.