Getting prepared for the EU General Data Protection Regulation – review you data processor contracts
The GDPR has a major impact on the responsibilities of both data controllers and their data processors – the definition of the relationship between them will change and processors will need to step-up accordingly.
Current law requires written contracts between controllers and processors, but under the GDPR more detailed contracts will need to be in place to cover additional requirements.
If your organisation is a data controller, you should have reviewed your contracts with processors to make sure both parties are well prepared and your risk from outsourcing is minimised. If you are a processor you need to look at your contracts to protect your interests, in line with for the new responsibilities and liability imposed upon your organisation by the GDPR.
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance to the Data Protection Act 1998 or other statutory measures referred to in the document.