
Do my existing contracts with service providers need changing to comply with GDPR?

Feb 28 - Brian Siney

Featured in JEP’s Expert Panel – 28th February 2018


It is highly likely that they will need updating prior to 25 May 2018. The contractual relationship between the data controller and the data processor is one of the most important areas of GDPR.

While responsibility for demonstrating compliance with GDPR ultimately rests with the data controller, these contracts must now contain the key obligations required by Article 28 of GDPR. These include the processor having appropriate technical, security and organisational measures in place, a commitment to confidentiality, details of the exact processing to be done to the controller's personal data, the ability to exercise data subject rights, and assisting the controller in matters of compliance with GDPR. Such contracts must also be very clear about data transfer arrangements and the data retention and deletion criteria required by the controller.

Where the processor operates outside these specific contractual requirements, the processor and controller are exposed to penalties for non-compliance with GDPR.

A suggested approach would be to start by looking at key contracts where personal data is being processed, focusing on high-risk areas such as outsourced payroll, cloud/managed computing services, direct marketing and financial services agents, if applicable.


Be Secure is a Jersey-based data consultancy business specialising in GDPR data protection, data privacy and cyber security. Leveraging the extensive experience of founder Brian Siney, Be Secure offers a unique business focus and perspective for managing GDPR.
