Data processing arrangements—representative sub-provisions—pro-controller and pro-processor

Copyright © 2025 LexisNexis
Produced in partnership with Tughan Thuraisingam of DWF LLP and Adam Panagiotopoulos of DWF LLP
Precedents

Data processing arrangements—representative sub-provisions—pro-controller and pro-processor

Copyright © 2025 LexisNexis

Produced in partnership with Tughan Thuraisingam of DWF LLP and Adam Panagiotopoulos of DWF LLP

Precedents
imgtext

Note: These provisions are drafted on the assumption that the relevant agreement is a business to business arrangement under which the supplier acts as processor for a customer acting as a controller in respect of processing subject to the United Kingdom General Data Protection Regulation (UK GDPR), Assimilated Regulation (EU) 2016/679. The terms ‘supplier’ and ‘customer’ (instead of ‘processor’ or ‘controller’ respectively) have been used to make these provisions easier to integrate into commercial agreements. They also use the additional defined terms ‘Agreement’, ‘Business Day’, ‘Customer’, ‘Data Protection Laws’, ‘Data Subject’, ‘GDPR’ and ‘Supplier’, which it is assumed are separately defined as appropriate in the relevant agreement. It is also assumed that the definition of ‘GDPR’ will refer to the UK GDPR and that the definition of ‘Data Protection Laws’ will include the UK GDPR. These provisions could also be adapted for use where

Tughan Thuraisingam
Tughan Thuraisingam

Director, DWF LLP

Tughan has extensive experience in supporting clients with large-scale privacy compliance programmes and post-acquisition privacy alignment projects. He enjoys working closely with innovation and technology teams to embed privacy into the operations of a client's business. 
 
Prior to DWF, Tughan worked in the legal services business in a Big 4 accountancy firm. He spent over two years on secondment to one of the world's largest global payments technology companies. Through his in-house experience, Tughan has developed substantial expertise in providing pragmatic and commercially focused solutions to the more complex issues faced by clients in this area.
 
Tughan is part of the Data Protection Finance Group ('DPFG') leadership team. The DPFG is a communication network of over 400 lawyers and privacy professionals across the financial services sector.

Read moreRead more
Adam Panagiotopoulos
Adam Panagiotopoulos

Associate, DWF LLP

Adam is an Associate at the Data Protection and Cyber Security team at DWF and a CIPP/E certified professional, specialising in data protection, privacy and information governance. He has provided Data Protection Officer (DPO), consultancy and legal services to UK and international organisations and advised on their information governance compliance.

Adam is experienced in advising organisations across the full spectrum of compliance requirements under privacy and data protection law. In particular, he is experienced in dealing with business-as-usual data protection and privacy issues, including records of processing, transparency and consent arrangements and data subject rights.

He is also experienced in supporting complex business transformations and projects, including the use of innovative technologies (such as AI-driven systems), healthcare innovation, marketing activities and compliance with cross-jurisdictional requirements.

In addition to his legal positions, he has worked at highly ranked universities as a tutor and contributed to policy-making and research projects in the area of emerging technologies.

Adam is very approachable, listens to the clients' issues and problems and provides practical and business-oriented advice.

Read moreRead more
Powered by Lexis+®
Jurisdiction(s):
United Kingdom
Key definition:
Data definition
What does Data mean?

This term is not defined in the cpr. In normal usage it means information that has been organised and categorised for a pre-determined purpose.

Read more readmore

Popular documents

The UK General Data Protection Regulation (UK GDPR)—Navigator

The UK General Data Protection Regulation (UK GDPR)—Navigator [Archived]ARCHIVED: This Practice Note is not maintained and is for background information only. This archived Practice Note i) provides navigational information on the UK GDPR and accompanying Data Protection Act 2018 and ii) briefly

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?What is an appeal?An appeal in insolvency proceedings is no different to an appeal in normal litigation. An appeal will be allowed only if the appeal court is satisfied that the decision of the lower court was 'wrong' or 'unjust because of a

Contributory negligence in personal injury claims

Contributory negligence in personal injury claimsContributory negligence is a partial defence which can lead to a discount in damages.Other defences may also be relevant. See Practice Notes: Did the claimant consent to the risk of injury? and Was the claimant involved in an illegal activity?If a

Glossary—Latin legal terms

Glossary—Latin legal termsDespite attempts in recent years to simplify the language used in legal cases, there are still a number of Latin phrases commonly used in personal injury claims. The following Latin phrases are listed in alphabetical order:Latin