Getting prepared for the EU General Data Protection Regulation – review you data processor contracts
The GDPR will have a major impact on the responsibilities of both data controllers and their data processors, the definition of the relationship between them will need to change and processors will need to ‘step up’ accordingly.
Current law requires written contracts between controllers and processors but under the GDPR more detailed contracts will need to be in place to cover additional requirements.
If your organisation is a data controller, you should start reviewing your contracts with processors NOW to make sure both parties are well prepared and your risk from outsourcing is minimised. If you are a processor you need to look again at what should be in your contracts to protect your interests, ready for the new responsibilities and liability imposed upon your organisation by the GDPR.
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance to the Data Protection Act 1998 or other statutory measures referred to in the document.