On the 25th May 2018 the General Data Protection Regulation (GDPR) became effective, alongside with for a rather abstract EU law an unusually widespread medial echo. This echo was due to the strengthened rights for data subjects under the new legal framework and (potentially) increased fines for companies in case of non-compliance. Beyond data subjects rights, fines are possible for violations of a number of other provisions as well, for instance on third country transfer, appropriate technical and organizational measures or the involvement of (sub-)processors. The GDPR, however, brings another big revelation; accountability for compliance for both the controller as well as the processor. This accountability in conjunction with the risk of severe fines has led to insecurity of the market participants and sometimes spawned discussions, which have been settled in the past on a national level already. The present article scrutinizes these effects when EU-based processors are involved by non-EU based and not otherwise (cf. Art. 3 GDPR) covered data controllers.