The UK Information Commissioner’s Office (ICO) has issued several new guidance documents on Data Controllers, Data Processors and the interaction among them. Key points of the Contracts guidance include: Whenever a controller uses a processor, there must be a written contract (or other legal act) in place. If a processor uses another organization (ie. a sub-processor) to assist in its processing of personal data for a controller, it needs to have a written contract in place with that sub-processor. The contract is important so that both parties understand their responsibilities and liabilities. The GDPR sets out what needs to be included in the contract. This is reflected in Art. 28 of GDPR Controllers and Processors under GDPR Key points of the Controller/Processor guidance include: Your obligations under the GDPR vary depending on whether you are a controller, joint controller or processor. The key question is: who determines the purposes for which the data are…
Read more detail on Recent Business Law posts –
