Rely on the most comprehensive, up-to-date legal content designed and curated by lawyers for lawyers
Work faster and smarter to improve your drafting productivity without increasing risk
Accelerate the creation and use of high quality and trusted legal documents and forms
Streamline how you manage your legal business with proven tools and processes
Manage risk and compliance in your organisation to reduce your risk profile
Stay up to date and informed with insights from our trusted experts, news and information sources
Access the best content in the industry, effortlessly — confident that your news is trustworthy and up to date.
With over 30 practice areas, we have all bases covered. Find out how we can help
Our trusted tax intelligence solutions, highly-regarded exam training and education materials help guide and tutor Tax professionals
Regulatory, business information and analytics solutions that help professionals make better decisions
A leading provider of software platforms for professional services firms
In-depth analysis, commentary and practical information to help you protect your business
LexisNexis Blogs shed light on topics affecting the legal profession and the issues you're facing
Legal professionals trust us to help navigate change. Find out how we help ensure they exceed expectations
Lex Chat is a LexisNexis current affairs podcast sharing insights on topics for the legal profession
Discuss the latest legal developments, ask questions, and share best practice with other LexisPSL subscribers
Kuan Hon explains...
Data controllers: be prepared. Your service providers (if well-advised) will want to negotiate or renegotiate your contracts.
Why? The General Data Protection Regulation (GDPR). This would make service providers and other data processors directly liable, across the European Economic Area, for security and certain other data protection-related matters. The EU institutions, each with their own version of the text and currently in horse-trading 'trilogue' negotiations, aim to agree and adopt GDPR by the end of 2015. That's not far off, in the scheme of things, although there should be a two-year lead time before the GDPR takes effect (directly) in all EEA Member States.
What's the big difference? Under the current Data Protection Directive 95/46/EC, only data controllers have obligations and liabilities under data protection laws, in most Member States (although in a few, such as Ireland, processors do have direct liabilities under national implementing laws). Controllers determine the purposes and means of processing personal data; processors are engaged by controllers to process personal data on their behalf, ie service providers. A controller must put in place a contract (processor agreement, or Article 17 agreement) with its processor, requiring the processor to process personal data only in accordance with the controller's instructions, and to implement certain security measures. The controller also has to ensure the
Access this article and thousands of others like it free by subscribing to our blog.
Read full article
Already a subscriber? Login
0330 161 1234