عنوان مقاله [English]
All EU member states are required to have maximum protection over personal data by ratifying the EU General Data Protection Regulation (GDPR). Data processors in order to fully realize these protections are required to comply with various obligations according to these regulations. These obligations are expressed in various GDPR articles for the purpose of effective protection of personal data and data subject persons. It became clear by explaining these obligations from the point of view of European regulations relating to personal data that the Iranian Legal System did not stipulate such obligations and that only the generalities of these obligations can be inferred from various sources of Iranian law, such as the statute laws, the fundamentals of Iranian law, and Jaʿfarī Jurisprudence. It should be noted that these implied significations are insufficient to accurately explain the various obligations of data processors and the transparency of the details of this matter needs to be clarified by the legislator. This research in this regard has provided the proposed provisions regarding various obligations of data processors, including the controller’s liability towards the processing process, the controller’s commitment towards choosing the appropriate processor, keeping records of processing activities, cooperating with supervisory authorities, ensuring the security of processing, informing and servicing the breach of personal data to supervisory authorities and the data subject (relevant persons of data), and appointing data protection officers (DPOs).