Outsourcing and data protection
Produced in partnership with Marina Paul

The following Information Law practice note produced in partnership with Marina Paul provides comprehensive and up to date legal information covering:

  • Outsourcing and data protection
  • In brief
  • Topics covered in this Practice Note
  • Scope of this Practice Note
  • Key guidance from regulators
  • The GDPR regimes as applicable to outsourcing
  • The GDPR regimes
  • Contract or other legal act
  • Meaning of processing and personal data
  • Controllers and processors
  • More...

Outsourcing and data protection

In brief

Data protection laws in both the EEA (the EU plus Iceland, Norway, and Liechtenstein) and UK seek to ensure information about living individuals (within the definition of ‘personal data’) is used fairly and responsibly. To help ensure that, both EEA and UK data protection laws impose a large number of obligations on those ‘processing’ personal data (and on controllers of such processing). ‘Processing’ is broadly defined to include doing most things with data, including storing, deleting, collecting, disclosing or using it.

One of the key protections under both EEA and UK data protection laws is the obligations placed on ‘controllers’ (usually meaning those that decide the purposes and means of processing) and ‘processors’ (those that process personal data on behalf of a controller further to the controller’s instructions). Among other things, EEA and UK data protection laws usually require controllers and processors to put in place contracts containing certain minimum provisions and ensure any processor(s) they engage are suitable. In an outsourcing arrangement, the customer will often act as controller and the supplier as its processor.

This Practice Note introduces the requirements under EEA and UK data protection laws in the context of an outsourcing arrangement where a supplier will process personal data as processor on behalf of a customer. It also explains the rules that apply when a supplier sub-contracts personal

Popular documents