This webinar, the first of our series (GDPR isn’t just for 25 May), covers what you need to consider in your contracts with customers, suppliers, joint venture partners and others.
We look at what you might expect and need to sign up to as controller or processor and when the person you’re dealing with is controller or processor.
This is a practical session looking at what you need to consider, rather than just what the law says, when drafting contracts or when asked to sign up to other people’s terms.
Join the conversation on Twitter and LinkedIn with #GenerationGDPR
GDPR Contract Requirements Data Protection Wording
1. Join in the conversation #GenerationGDPR Connect with Richard | LinkedIn
Data Protection Wording
What do you now need in your contract?
Connect with Richard
richard.nicholas@brownejacobson.com
+44 (0)121 237 3992
Imagine
What questions do you need to ask yourself?
1. D….
2. A….
3. T….
4. A….
If you stay until the end…
Did you get the answer?
1. Data
2. Am I controller or processor?
3. Are they controller or processor?
4. Additional clauses?
Data – is it personal?
Art 4 GDPR: “Information relating to an identified or identifiable natural person (data subject)”
Am I a controller or processor?
• If I am a Controller
– LFT, LP, DM, A, SL, SIC
• If I am a Processor
– C, R, A, P, N, O, W
Am I a controller or processor?
• If I am a Controller
– DD on Processors
– Terms in place with Processors
• If I am a Processor
– Answer DD questions
– Terms in place with Controller
Are they controller or processor?
• If they are a Processor
– Article 28 terms in place with Processors
• If they are also a controller
– Joint Controller? (Art 26)
– Who will provide notices?
– Who will seek consent (if needed)?
Controller or processor?
Do you control:
• what personal data you collect?
• who from?
• who to disclose to?
• who can access?
• how long to retain it?
If appointing a processor
Article 28 wording
• only process on instructions of controller
• allow for audits
+
• confidentiality
• technical and organisational measures
• not sub-process without authority*
• assist with SARs, Notification*
If appointing a processor
Article 28 wording
• delete or return data at the end of the contract
• set out various information about the personal data being processed
– Subject matter, duration, nature, purpose, type, category of data subject & obligations & rights of the controller
So what?
• Schedule rather than clause in contract?
• Table (needs completing – specific to the contract)
So what?
• Some items might require more thought:
– assistance (whose cost?)
– immediate notification of suspected data breaches
– sub-processors – specific/general authority
Additional Clauses
NOT required by Art 28 GDPR
• no transfer outside the EEA (Art 44-49)
• indemnity for breach of data clauses
• liability for data loss
• how to deal with complaints/queries
Data privacy and cyber-security podcast series
Available on Soundcloud
Get in touch
Connect with Richard
richard.nicholas@brownejacobson.com
+44 (0)121 237 3992