Supply chains under data protection law—arrangements between controllers and processors

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Supply chains under data protection law—arrangements between controllers and processors
  • In brief
  • Topics covered in this Practice Note
  • Scope of this Practice Note
  • Key guidance from regulators
  • The GDPR regimes and arrangements between controllers and processors
  • The GDPR regimes
  • Contract or other legal act
  • Meaning of processing and personal data
  • Meaning of controller and processor
  • More...

Supply chains under data protection law—arrangements between controllers and processors

In brief

Data protection laws in both the EEA (the EU plus Iceland, Norway, and Liechtenstein) and UK seek to ensure information about living individuals (within the definition of ‘personal data’) is used fairly and responsibly. To help ensure that, both EEA and UK data protection laws impose a large number of obligations on those ‘processing’ personal data (and on controllers of such processing). ‘Processing’ is broadly defined to include doing most things with data, including storing, deleting, collecting, disclosing or using it.

One of the key protections under both EEA and UK data protection laws is the obligations placed on ‘controllers’ (usually meaning those that decide the purposes and means of processing) and ‘processors’ (those that process personal data on behalf of a controller further to the controller’s instructions). Among other things, EEA and UK data protection laws usually require controllers and processors to put in place contracts containing certain minimum provisions and ensure the processor(s) they engage are suitable.

This Practice Note introduces the requirements under EEA and UK data protection laws where a processor will process personal data on behalf of a controller in a commercial context and related commercial and legal issues.

It assumes a degree of familiarity with key data protection concepts and terms and the role of key supervisory organisations. For a general

Popular documents