Since the processing of personal data has become global, and the presence of data processors has been increasing over time, it is of paramount importance to analyse how responsibilities are allocated among data controllers and data processors. Therefore, the aim of this article is to analyse how responsibilities and obligations of data controllers and data processors established in Uruguay – or abroad but subject to Uruguayan Data Protection Regulations due to their extraterritorial effect – are distributed and why this matter should be regulated in further detail.