• Technology
  • June 19, 2018

Are the contracts you have with the suppliers who handle your customers’ data GDPR compliant?

From a practical perspective, proactive management of suppliers is often a useful and effective way to ensure your suppliers deliver. However, it is important to ensure you have a written contract in place to outline the service you require, the date and time of delivery, fees and all other obligations of the supplier. Take a look here to find out exactly when you have a contract in place.

Your contract with the supplier is key and you will want to ensure it marries up with the obligations you owe to your own clients in terms of data protection. Take a look here for our contract review checklist.

Here are some of the key terms you will want to consider:

  • Scope of service
  • Termination and consequences of termination
  • Liability and Indemnities
  • Data Protection

The General Data Protection Regulation (GDPR) came into force on 25 May 2018 and must be considered if you are processing personal data. You must consider in what capacity you are processing personal data: as a data controller or as a data processor?

Where the relationship between you and your supplier is one of data controller to data processor, GDPR requires that a written contract is in place governing the relationship. The contract must set out the subject matter and duration of processing; the nature and purpose of processing; the type of personal data and categories of data subjects; and the obligations and rights of the controller.

GDPR also requires the contract to stipulate that a processor will:

  • Process personal data only in accordance with the written instruction of the data controller and inform the controller if it believes an instruction infringes GDPR;
  • Ensure its employees who process personal data are subject to confidentiality obligations;
  • Take all measures to comply with the security requirements of GDPR;
  • Not engage another processor or sub-processor without the consent (general or specific) of the controller;
  • Ensure contractual obligations required by GDPR flow down to any such sub-processors;
  • Assist the controller by using appropriate technical and organisational measures to meet its obligations with regard to the rights of data subjects;
  • Assist the controller with its obligations in respect of data breaches, data protection impact assessments and consultation with the data protection authorities;
  • At the choice of the controller, delete or return all personal data when the services are at an end;
  • Evidence compliance with GDPR and submit to audits carried out by the controller or a third party on its behalf.

You may wish to review your current supplier contracts to ensure GDPR compliance as well as ensuring these terms are covered in new arrangements. Now is the time for ACTION and remember LawBite is here to help.

If you would like to speak to us about our contract review service, GDPR legal advice or any other legal matter, you can make an enquiry to receive expert business legal advice or call our friendly LawBite team on 0207 148 1066.   


In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.
