This Practice Note addresses the data protection aspects of outsourcing under UK data protection law from the perspective of customers and suppliers where (as is usual in outsourcing arrangements) the customer acts as controller and the supplier acts as processor. This Practice Note on data protection and outsourcing also sets out what compliant outsourcing agreements typically contain and discusses commonly negotiated issues in outsourcing agreements relating to data protection such as audit provisions, indemnities and liability (including approaches taken to limitations, exclusions and caps on the supplier’s liability and indemnities). It also provides guidance on similar requirements under equivalent EEA laws and considers both the General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) and United Kingdom General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR) regimes.
If you expected to see yourself on this page, click here.
0330 161 1234