Processors have more legal obligations placed on them in the case of a breach however a controller will be responsible for ensuring the contracts with the processor comply with the GDPR. A thorough risk assessment helps businesses understand where their information is most vulnerable, allowin