Do you need help with a data processing agreement? EM Law are experts in drafting and advising on data processing agreements. Our lead data protection lawyer is Neil Williamson who has extensive experience in advising clients on a wide range of data protection matters.
On 25 May 2018 the General Data Protection Regulation (GDPR) came into force. The GDPR ushered in a number of changes to data protection, including new requirements for organisations to deal with.
In the majority of business relationships, personal data will flow from one party to another. Where a data processor carries out processing on behalf of a data controller, the data controller will not comply with the GDPR unless there is a written contract between the two parties setting out the terms, requirements and conditions on which the processing will take place. To give an example, when a company outsources payroll services, they will send personal data to that organisation. In order to be GDPR compliant, the company outsourcing the work must ensure that the organisation providing the services signs up to such an agreement. Data processing agreements between controllers and processors ensure that they both understand their obligations, responsibilities and liabilities.
Article 28(3) of the GDPR specifically states that there must be a contract or other legal act in place between a data controller and a data processor. If there is no contract or other legal act in place, the data controller is in breach of the GDPR and may be open to potential enforcement action by supervisory authorities such as the ICO. Such enforcement actions include compliance orders and financial penalties. Financial penalties can reach up to EUR 20,000,000 or 4% of global turnover, whichever is higher.
As a data controller, a data processing agreement also protects you should your data processor break compliance, mishandle your data or fall victim to a data breach. Without such an agreement, responsibility and blame will fall on you for failing to do your due diligence and utilizing a third-party without adequate policies and procedures in place.
Data processing agreements are just as important for small businesses as they are for large ones. Data processing agreements must also contain specific minimum terms. The agreement must set out the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects as well as the obligations and rights of both parties.
In addition, such agreements must contain specific terms or clauses regarding:
• processing only on the data controller’s instructions;
• the duty of confidence;
• appropriate security measures
• using sub-processors
• data subjects’ rights
• assisting the controller
• end of contract provisions; and
• audits and inspections.
If the data processor uses another organisation i.e. a sub-processor to help it process personal data for the data controller, it must also have a written contract in place with that sub-processor.
If you are looking for assistance with drafting your data processing agreements or want advice on GDPR more generally contact Neil Williamson.
"Neil and his team have undertaken several items of legal work covering contracts, agreements and share option schemes for IMC Worldwide... View More Testimonials"
Gavin English MD IMC Worldwide Ltd
"Neil at EM Law advised us with regards to GDPR. He was thoughtful and thorough.... View More Testimonials"
COO of a Strategic Communications Agency
"I want to thank Neil at Emerging Law for his support and guidance whilst I have been setting up my own business. He has talked me through the step by step stages and legalities involved so that I can make informed decisions about my business approach... View More Testimonials"
Ayshen Ali founder Attainers Limited
"I felt incredibly fortunate to have come across Imogen. She was fantastic at helping at every juncture... View More Testimonials"
SM, Recruitment Manager
"Neil and Lauren were both very helpful in drafting contracts I needed for my firm... View More Testimonials"
Alex Mosley, Director Perrygate Property Limited
"Neil and Helen provided us with an employment contract and terms and conditions of business. We found Neil and Helen to be extremely informative and helpful throughout the process... View More Testimonials"
Grant Lambert MD Honor Search (Digital Recruitment)
"Neil Williamson, I cannot thank enough for his work and legal advice, which had brought the great result.... View More Testimonials"
"Neil was brilliant, patient and thorough guiding me through queries setting up my business to be compliant.... View More Testimonials"
Kate York, Photographer
"Neil and I worked alongside each other for several years securing software business overseas for Crown Agents... View More Testimonials"
Nick Small Director Nick Small Consulting
"What can I say about Imogen? She was the shining star in what was a very difficult time for me.... View More Testimonials"
VR, Nutritional Chef and Culinary Manager
"Imogen....has a very personable approach and is succinct in her communication. I would highly recommend her... View More Testimonials"
KE, Development Manager
"Imogen has always given me sound, objective and carefully considered legal advice.... View More Testimonials"
MB, Senior Sponsorship Manager
"Thank you for all your help with the matters regarding my company, you have been thorough in all aspects to the finer detail... View More Testimonials"
John Taylor Director Glo-bell London Ltd
"Neil is able to address complex issues, give us advice that we can follow and come up with creative solutions... View More Testimonials"
Ismet Yucetas CEO Middle East Air Drilling Services
"Imogen is a fantastic employment lawyer. Clear, supportive and very skilled in her area.... View More Testimonials"
LC, Director at a Management Consultancy
"Neil helped us structure, negotiate and put in place our first client software-as-a-service contracts. His technical and commercial advice was invaluable - he understands exactly where we are coming from... View More Testimonials"
Lena Rosenior CEO De Graft Management Ltd
"Cardno has worked closely with EM Law since 2013. The advice and support provided to our business by EM Law has been of a high quality, relevant to our requirements and more importantly helped us to make the appropriate decisions that have contributed to the success of our business... View More Testimonials"
George Mukkath Managing Director Cardno Emerging Markets (UK) Ltd
"We have been working with Neil for many years now, more recently on a retained basis because he has become someone we trust and who understands our business requirements. ... View More Testimonials"
Rupert Wood CEO Wasteland Ski Ltd
"We have worked with Neil and his colleagues on a number of different company issues including business acquisitions, client contract and employment matters... View More Testimonials"
Dave Dadds CEO DRD Communications Ltd
"Starting a new venture, within a new country......I needed someone who could understand the complexities and culture of the venture...... View More Testimonials"
Maren Koros CEO Afyacore
"EM Law have supported Anexsys with a number of legal issues, ranging from drafting complex IT contracts to developing conflict policies and advising on a range of complex multi-jurisdiction legal issues... View More Testimonials"
Rob Crowley MD Anexsys Ltd
Can We Help You?
We are here to help with any of your questions.
Just click "Yes" below.
Please enter your question below
Please enter your name and email address so than we can send you a response
Thank you for sending us your question. We will contact you shortly to discuss this.
Sorry, there is a technical issue. Please contact us by telephone: 0203 637 6374