Your contract with the supplier is key and you will want to ensure it marries up with the obligations you owe to your own clients in terms of data protection. Take a look here for our contract review checklist.
Here are some of the key terms you will want to consider:
Scope of service
Termination and consequences of termination
Liability and Indemnities
The General Data Protection Regulation (GDPR) came into force on 25 May 2018 and must be considered if you are processing personal data. You must consider in what capacity are you processing personal data – as a data controller or data processor?
Where the relationship between you and your supplier is one of data controller to data processor, GDPR requires that a written contract is in place governing the relationship. The contract must set out, the subject matter and duration of processing; the nature and purpose of processing; the type of personal data and categories of data subjects; and the obligations and rights of the controller.
GDPR also requires the contract to stipulate that a processor will:
Process personal data only in accordance with the written instruction of the data controller and inform the controller if it believes an instruction infringes GDPR;
Ensure its employees who process personal data are subject to confidentiality obligations
Take all measures to comply with the security requirements of GDPR;
Not engage another processor or sub-processor without the consent (general or specific) of the controller;
Ensure contractual obligations required by GDPR flow down to any such sub-processors;
Assist the controller by using appropriate technical and organisational measures to meet its obligations with regard to the rights of data subjects;
Assist the controller with its obligations in respect of data breaches, data protection impact assessments and consultation with the data protection authorities;
At the choice of the controller delete or return all personal data when the services are at an end;
Evidence compliance with GDPR and submit to audits carried out by the controller or a third party on its behalf.
You may wish to review your current supplier contracts to ensure GDPR compliance as well as ensuring these terms are covered in new arrangements. Now is the time for ACTION and remember LawBite is here to help.
If you would like to speak to us about our contract review service, GDPR legal advice or any other legal matter, you can make an enquiry to receive expert business legal advice or call our friendly LawBite team on 0207 148 1066.
How LawBite works LawBite GDPR Rescue Package
Read more of our latest blog posts, featuring all the latest legal news, analysis and opinion from our expert lawyers.
- By Lawbite Team
- March 16, 2021
Every start-up business needs the law. Unfortunately, many cut corners or worse still, ignore the legal side of their business all together. Here's...
- By Lawbite Team
- November 16, 2020
The supervisory authority for GDPR compliance, the Information Commissioner's Office (ICO), has recently published its decision to fine British Air...
- By Lawbite Team
- March 26, 2020
Many businesses have needed to adapt and embrace remote working. For many, this can raise new working practices and question how data is managed wi...
LawBite can help you
LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.
Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.