Processor’s documents which are mandatory under GDPR are less and indicated by the controller who need to give instruction to the processor. Usually mandatory documents for processor in their relationship with controller are:- The Data Processing Agreement and it should contains also instructions from the controller on how to process personal data.- The registry of processing activities as a processor.- Data Protection policy, and confidentiality clauses in agreements with people accessing data should be implemented.
Other documents may be required by controllers in order to demonstrate compliance (i.e. a Data Processing Impact Assessment on the processing carried out by the processor), or a data breach notification procedure.
The processor should be available to receive inspections and audits from the controller.