The GDPR effectively requires data controllers to enter into appropriate processing agreements when using a data processor, whereas these contracts were already essential before the GDPR for the protection of data controllers and their data subjects. The agreement provides that, taking into account the type of processing and the information available, the processor must assist the controller in fulfilling its obligations: given that controllers and processors are required to comply with the GDPR, appropriate solutions should be found with regard to international data transfers with regard to the transfer of personal data from the EU or other jurisdictions of the European Economic Area. The agreement stipulates that the processor may only process personal data in accordance with the documented instructions of the controller (including in the case of international transfer of personal data), unless REQUIRED by EU or Member State law to act otherwise. Article 30 provides that controllers or their representatives must keep records of processing activities under their supervision. . . .