The GDPR applies to both data controllers and processors. Controllers collect data from the end-user that is the EU resident, for purposes clearly stated and with appropriate consent. A data controller is the entity/person that determines purposes and means of processing personal data of the EU resident. Data processors provide services to the controller in accordance with each controller’s instructions. Another category called sub-processors or third-party businesses performing data processing for other companies are also accountable for protection of personal data, according to the GDPR
If you sign up for a Snap Schedule 365 subscription and use the software to schedule your employees, you are the data controller for the personal data of your employees. We, the Snap Schedule 365 service provider, is a data processor and we use subprocessors like Microsoft Azure to provide cloud hosting and other services.