List of data protection clauses and agreements for commercial transactions and personal data processing and sharing
List of data protection clauses and agreements for commercial transactions and personal data processing and sharing

The following Life Sciences guidance note provides comprehensive and up to date legal information covering:

  • List of data protection clauses and agreements for commercial transactions and personal data processing and sharing
  • Controller to processor data processing arrangements
  • Controller to controller data sharing arrangements
  • Clause for international transfers
  • Public sector contracts

Brexit: On 31 January 2020, the UK ceased to be an EU Member State and entered an implementation period, during which it continues to be subject to EU law. During this period, the GDPR applies in the UK and the UK generally continues to be treated as an EU (and EEA) state for EEA and UK data protection law purposes. For further guidance on that period, its duration and the data protection laws that are anticipated to apply after the end of it, see Practice Note: Brexit—implications for data protection.

This Practice Note is a consolidated list of key General Data Protection Regulation, Regulation (EU) 2016/679 (the GDPR) compliant Precedent terms, clauses, provisions, schedules and agreements that may be adapted as appropriate for use in commercial transactions and personal data sharing scenarios. It is divided as follows:

  1. controller to processor data processing arrangements

  2. controller to controller data sharing arrangements

  3. clauses for international transfers

For a comprehensive introduction to the GDPR, collating key practical guidance, see: Data protection too