Data processing clause—GDPR compliant—short form—pro-controller
Data processing clause—GDPR compliant—short form—pro-controller

The following IP guidance note provides comprehensive and up to date legal information covering:

  • Data processing clause—GDPR compliant—short form—pro-controller
  • Data processing clause
  • The ScheduleData protection
  • Part A: Data processing details
  • Part B: Minimum technical and organisational security measures

Produced in partnership with JP Buckley, Rachel Edwards and Andrew Mills of Shoosmiths

DRAFTING FOR BREXIT: For the latest information on the impact of Brexit on the drafting, negotiation and enforceability of this Precedent, see Practice Notes: Brexit—implications for data protection, Brexit—drafting boilerplate clauses and Brexit—drafting commercial clauses.

For short form pro-controller provisions drafted as a separate schedule (as opposed to clauses for the main body of the agreement), see Precedent: Data processing schedule—GDPR compliant—short form—pro-controller.

Data processing clause

  1. 1

    Processing of Personal Data

    1. Definitions

    2. 1.1

      In this clause 1:

      1. 1.1.1

        Controller, Data Subject, International Organisation, Personal Data, Personal Data Breach, Processor and processing shall have the respective meanings given to them in applicable Data Protection Laws from time to time (and related expressions, including process, processed, and processes shall be construed accordingly);

      2. 1.1.2

        Data Protection Laws means any applicable law relating to the processing, privacy and/or use of Personal Data, as applicable to either party or the Services, including:

        1. (a)

          the GDPR;

        2. (b)

          the Data Protection Act 2018;

        3. (c)

          any laws which implement any such laws;

        4. (d)

          any laws that replace, extend, re-enact, consolidate or amend any of the foregoing; and

        5. (e)

          all guidance, guidelines and