Data processing clause—GDPR compliant—short form—pro-processor
Data processing clause—GDPR compliant—short form—pro-processor

The following IP guidance note provides comprehensive and up to date legal information covering:

  • Data processing clause—GDPR compliant—short form—pro-processor
  • Data processing clause
  • The ScheduleData protection
  • Part A: Data processing details
  • Part B: Technical and organisational security measures

Produced in partnership with JP Buckley, Rachel Edwards and Andrew Mills of Shoosmiths

DRAFTING FOR BREXIT: For the latest information on the impact of Brexit on the drafting, negotiation and enforceability of this Precedent, see Practice Notes: Brexit—implications for data protection, Brexit—drafting boilerplate clauses and Brexit—drafting commercial clauses.

For short form pro-processor provisions drafted as a separate schedule (as opposed to clauses for the main body of the agreement), see Precedent: Data processing schedule—GDPR compliant—short form—pro-processor.

Data processing clause

  1. 1

    Processing of personal data

    1. Definitions

    2. 1.1

      In this clause 1:

      1. 1.1.1

        Controller, Data Subject, International Organisation, Personal Data, Personal Data Breach, Processor and processing shall have the respective meanings given to them in applicable Data Protection Laws from time to time (and related expressions, including process, processed and processes shall be construed accordingly);

      2. 1.1.2

        Data Protection Laws means, as binding on either party or the Services:

        1. (a)

          the GDPR;

        2. (b)

          the Data Protection Act 2018;

        3. (c)

          any laws which implement any such laws; and

        4. (d)

          any laws that replace, extend, re-enact, consolidate or amend any of the foregoing;

      3. 1.1.3

        GDPR means the General Data Protection Regulation, Regulation (EU) 2016/679;

      4. 1.1.4