- The GDPR and contract liability and indemnities between controllers and processors
- What amounts, such as £ and % contract value, are processors commonly accepting as the cap on their liability for breach of their GDPR-related data protection obligations under their contracts or at law? Are controllers commonly able to impose high or unlimited liability caps?
- Are processors commonly accepting liability in connection with a breach of their data protection obligations on the basis of indemnities?
- Are there any exclusions of liability or other terms which processors are commonly seeking to include in contracts with controllers to limit their potential liability for data protection breaches?
- What level of liability are controllers accepting for breach of their own contractual obligations to processors in connection with data protection, where those are given?
- To what extent does the position differ to that explained above when dealing with cloud services agreements and information technology outsourcing (ITO) or business process outsourcing (BPO)?
Information Law analysis: How are processors adapting their approach to contractual liability for data protection breaches now the General Data Protection Regulation (GDPR) applies? Mark Crichard, partner at RPC, considers the GDPR in relation to contract liability and indemnities in arrangements between controllers and processors.
Sign in or take a trial to read the full analysis.
To continue reading this news article, as well as thousands of others like it, sign in to LexisPSL or register for a free trial