One of the faults of the current legislation, which has been carried over into GDPR, is the use of the same term for both the internal data processors in an organization (usually managers or officials) and the external ones (generally outsourcing companies or service providers). Leaving aside the current consequences of these definitions, we consider the innovative features of GDPR. The regulation attributes to the Data Processor a real co-responsibility with the Owner, so that the Data Processor is subject to the same heavy penalties. This will surely entail a renegotiation of contracts in economic terms, since an external manager will risk a lot more than today in the conduct of its business.
But what about an employee of a company who, by virtue of his designation, risks the same penalties as the organization on which he depends (unlike, for example, his own CEO, who is not called to account in the same way)? In this context, hardly anyone will accept a designation as internal Data Processor under the new rules of GDPR, even in the presence of generous compensation. By contrast, nothing prevents the Owner from creating its own privacy organization, with an appropriate attribution of different levels of responsibilities and tasks among the various figures. It is therefore likely that the figure of the internal Data Processor is destined to disappear, replaced by roles that are less demanding in terms of objective responsibilities.