Data Controler VS Data Processor in cloud services

Answer:

Your company will be acting as a data processor as regards to the data of the companies that use the billing software

2. Do my application need all the feature(Right to obtain, right to be forgotten, consent many more) of data controller since controller is using my application to bill their customer?

Answer:

Yes, the applications should allow the data controller to comply with all the data subjects requests.

3. what are my responsibility as data processor since most of the GDPR article talks only about controller and less about processor?

Answer:

The responsibilities of data controllers are set out in Art. 28 - "Processors" of the EU GDPR. These obligations include:
• The processor may only use a sub-processor with the consent of the controller. That consent may be specific to a particular sub-processor or general. Where the consent is general, the processor must inform the controller of changes and give them a c hance to object (art. 28(2),art. 28(3)(d));
• The processor must ensure it flows down these obligations to any sub-processor. The processor remains responsible for any processing by the sub-processor (art. 28(4));
• The processor must assist the controller to comply with requests from individuals exercising their rights to access, rectify, erase or object to the processing of their personal data (art. 28(3)(e));

This obligations are usually found in the Data Processing Agreement that should be signed between the controller and processor.