Q&As

Are there any government approved standard GDPR compliant data processing clauses for use by public authorities?

read titleRead full title
Last updated on 29/01/2018

The following Information Law Q&A provides comprehensive and up to date legal information covering:

  • Are there any government approved standard GDPR compliant data processing clauses for use by public authorities?
  • Background
  • In-scope organisations
  • Generic standard General Data Protection Regulation clauses

Are there any government approved standard GDPR compliant data processing clauses for use by public authorities?

The General Data Protection Regulation (EU) 2016/679, the GDPR, will replace Directive 95/46/EC, Data Protection Directive and all implementing data protection legislation in EU Member States, including the UK’s Data Protection Act 1998 (DPA 1998) from 25 May 2018. The GDPR will be directly applicable in all Member States without the need for implementing national legislation. See Practice Note: Introduction to the EU GDPR and UK GDPR.

This Q&A considers the generic standard GDPR clauses found in Annex A, Part 1 of the Procurement Policy Note—Changes to Data Protection Legislation & General Data Protection Regulation (PPN 03/17) issued by the Crown Commercial Service.

Background

In December 2017, the Crown Commercial Service published PPN 03/17, a public procurement note which explains how government buyers should bring existing and future commercial arrangements concerning data processing into line with the GDPR and the Data Protection Law Enforcement Directive (EU) 2016/680 (DPLED). See LNB News 20/12/2017 117.

PPN 03/17 includes guidance

Related documents:
Key definition:
Processing definition
What does Processing mean?

Under the EU GDPR or UK GDPR, any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The EU GDPR and UK GDPR each confirm a wide range of activities fall within that broad definition (eg collection, storage, alteration, retrieval, use, disclosure, transmission and erasure).

Popular documents