• technology
  • June 19, 2018

Are the contracts you have with the suppliers who handle your customers’ data GDPR compliant?

By Lawbite Team

Book a call

From a practical perspective, proactive management of suppliers is often a useful and effective way to ensure your suppliers deliver. However, it is important to ensure you have a written contract in place to outline the service you require, the date and time of delivery, fees and all other obligations of the supplier. Take a look here to find out exactly when you have a contract in place.

Your contract with the supplier is key and you will want to ensure it marries up with the obligations you owe to your own clients in terms of data protection. Take a look here for our contract review checklist.

Here are some of the key terms you will want to consider:

  • Scope of service
  • Term
  • Termination and consequences of termination
  • Fees
  • Liability and Indemnities
  • Data Protection
GDPR Products  

The General Data Protection Regulation (GDPR) came into force on 25 May 2018 and must be considered if you are processing personal data. You must consider in what capacity are you processing personal data – as a data controller or data processor?

Where the relationship between you and your supplier is one of data controller to data processor, GDPR requires that a written contract is in place governing the relationship. The contract must set out, the subject matter and duration of processing; the nature and purpose of processing; the type of personal data and categories of data subjects; and the obligations and rights of the controller.

GDPR also requires the contract to stipulate that a processor will:

  • Process personal data only in accordance with the written instruction of the data controller and inform the controller if it believes an instruction infringes GDPR;
  • Ensure its employees who process personal data are subject to confidentiality obligations
  • Take all measures to comply with the security requirements of GDPR;
  • Not engage another processor or sub-processor without the consent (general or specific) of the controller;
  • Ensure contractual obligations required by GDPR flow down to any such sub-processors;
  • Assist the controller by using appropriate technical and organisational measures to meet its obligations with regard to the rights of data subjects;
  • Assist the controller with its obligations in respect of data breaches, data protection impact assessments and consultation with the data protection authorities;
  • At the choice of the controller delete or return all personal data when the services are at an end;
  • Evidence compliance with GDPR and submit to audits carried out by the controller or a third party on its behalf.

You may wish to review your current supplier contracts to ensure GDPR compliance as well as ensuring these terms are covered in new arrangements. Now is the time for ACTION and remember LawBite is here to help.

If you would like to speak to us about our contract review service, GDPR legal advice or any other legal matter, you can make an enquiry to receive expert business legal advice or call our friendly LawBite team on 0207 148 1066.


Rachel Lawbrief

Journey further…

How LawBite works LawBite GDPR Rescue Package

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.

Related Articles

Read our latest blog posts on GDPR, featuring all the latest legal news, analysis and opinion from our expert lawyers.

blog image
  • By Lawbite Team
  • March 26, 2020
COVID-19: Remote working and protecting personal data

Many businesses have needed to adapt and embrace remote working. For many, this can raise new working practices and question how data is managed wi...

Gdpr, Coronavirus
blog image
  • By Lawbite Team
  • March 19, 2020
Data protection and Coronavirus - What you need to know

Coronavirus and its spread across borders is a concern for employers and employees. While employers will be concerned to ensure their business’ con...

Gdpr, Coronavirus
blog image
  • By Lawbite Team
  • January 30, 2020
Newsflash – ICO issue statement on GDPR compliance after Brexit

The ICO has published a statement on GDPR compliance after 31 January 2020 (the day that the UK leaves the European Union).   There are no big surp...


LawBite can help you

LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.

Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.

defend a claim

Talk To A Lawyer

Book A Call
defend a claim

Learn more about LawBite