This Practice Note addresses the data protection aspects of outsourcing under UK data protection law from the perspective of customers and suppliers where (as is usual in outsourcing arrangements) the customer acts as controller and the supplier acts as processor. This Practice Note on data protection and outsourcing also sets out what compliant outsourcing agreements typically contain and discusses commonly negotiated issues in outsourcing agreements relating to data protection such as audit provisions, indemnities and liability (including approaches taken to limitations, exclusions and caps on the supplier’s liability and indemnities). It also provides guidance on similar requirements under equivalent EEA laws and considers both the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) and United Kingdom General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR) regimes.
This UK GDPR compliant pro-customer data processing agreement is for use when a customer wishes to engage a processor (the supplier) within the UK to process data, possibly including (but not limited to) personal data, on its behalf. The agreement includes provisions relating to the ownership of the customer data and any derivative works created by the supplier from that data.
If you expected to see yourself on this page, click here.
0330 161 1234