• Technology
  • June 19, 2018

Are the contracts you have with the suppliers who handle your customers’ data GDPR compliant?

By Lawbite Team

Talk to a Lawyer Free Legal Help
From a practical perspective, proactive management of suppliers is often a useful and effective way to ensure your suppliers deliver. However, it is important to ensure you have a written contract in place to outline the service you require, the date and time of delivery, fees and all other obligations of the supplier. Take a look here to find out exactly when you have a contract in place.

Your contract with the supplier is key and you will want to ensure it marries up with the obligations you owe to your own clients in terms of data protection. Take a look here for our contract review checklist.

Here are some of the key terms you will want to consider:

Scope of service
Term
Termination and consequences of termination
Fees
Liability and Indemnities
Data Protection
 
   
The General Data Protection Regulation (GDPR) came into force on 25 May 2018 and must be considered if you are processing personal data. You must consider in what capacity are you processing personal data – as a data controller or data processor?

Where the relationship between you and your supplier is one of data controller to data processor, GDPR requires that a written contract is in place governing the relationship. The contract must set out, the subject matter and duration of processing; the nature and purpose of processing; the type of personal data and categories of data subjects; and the obligations and rights of the controller.

GDPR also requires the contract to stipulate that a processor will:

Process personal data only in accordance with the written instruction of the data controller and inform the controller if it believes an instruction infringes GDPR;
Ensure its employees who process personal data are subject to confidentiality obligations
Take all measures to comply with the security requirements of GDPR;
Not engage another processor or sub-processor without the consent (general or specific) of the controller;
Ensure contractual obligations required by GDPR flow down to any such sub-processors;
Assist the controller by using appropriate technical and organisational measures to meet its obligations with regard to the rights of data subjects;
Assist the controller with its obligations in respect of data breaches, data protection impact assessments and consultation with the data protection authorities;
At the choice of the controller delete or return all personal data when the services are at an end;
Evidence compliance with GDPR and submit to audits carried out by the controller or a third party on its behalf.
You may wish to review your current supplier contracts to ensure GDPR compliance as well as ensuring these terms are covered in new arrangements. Now is the time for ACTION and remember LawBite is here to help.

If you would like to speak to us about our contract review service, GDPR legal advice or any other legal matter, you can make an enquiry to receive expert business legal advice or call our friendly LawBite team on 0207 148 1066.   



Journey further…

How LawBite works
LawBite GDPR Products

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.



Related Articles

Read more of our latest blog posts, featuring all the latest legal news, analysis and opinion from our expert lawyers.

blog image
  • By Lawbite Team
  • August 05, 2021
Business Software and IT Agreements, how do they work?

As a business owner, you may want to enlist the help of IT providers and software developers to design technology and software programs for your bu...


Technology
blog image
  • By Lawbite Team
  • July 27, 2021
Data Protection - European Commission adopts adequacy decisions for the UK

On 28 June 2021, the Commission adopted two adequacy decisions in relation to the United Kingdom, under the General Data Protection Regulation (GDP...


Gdpr
blog image
  • By Lawbite Team
  • July 27, 2021
Setting up a Limited Company UK: a guide for businesses

As a business owner, you may want to learn about the business legal structure known as a limited company. A limited company has a separate legal id...


Startups

LawBite can help you

LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.

Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.

defend a claim

Talk to a Lawyer

Book a Call
defend a claim

Essentials Plan