Processors have more legal obligations placed on them in the case of a breach however a controller will be responsible for ensuring the contracts with the processor comply with the GDPR.ISO 27001 also encourages continuous improvement and risk management. Organizations also ensure the security of their data by regularly reviewing and updating their