Personal data processing schedule—controller and processor—intra-group

Copyright © 2025 LexisNexis
Published by a LexisNexis Information Law expert
Precedents

Personal data processing schedule—controller and processor—intra-group

Copyright © 2025 LexisNexis

Published by a LexisNexis Information Law expert

Precedents
imgtext

Defined terms: In addition to the definitions below, this precedent also uses the defined terms ‘Agreement’, ‘Business Day’, ‘Customer’, ‘party’ / ‘parties’, ‘Services’ and ‘Supplier’, which are not specific to data processing and which it is assumed are separately defined in the relevant agreement. See the drafting notes for further guidance.

The Schedule

    1. 1

      Definitions and interpretation

      1. 1.1

        In this Schedule:

        Adequacy Regulation

        1. means any valid adequacy regulation as referred to in Article 45 of the GDPR;

        Attached Standard Contractual Clauses

        1. means the provisions set out in [Annex [insert] to ] Appendix 7;

        binding corporate rules

        1. means the binding corporate rules referred to in Appendix 6;

        Controller

        1. has the meaning given in Data Protection Laws;

        Data Protection Impact Assessment

        1. shall be construed in accordance with Data Protection Laws;

        Data Protection Laws

        1. means all applicable laws relating to the processing, privacy, and/or use of personal data, as applicable to either party or the Services, including:

          1. (a)

            the GDPR;

          2. (b)

            the Data Protection Act 2018;

          3. (c)

            any laws which implement or supplement any such laws; and

          4. (d)

            any laws which replace, extend, re-enact, consolidate or amend any of the foregoing;

        Data Protection Supervisory

Powered by Lexis+®
Jurisdiction(s):
United Kingdom
Related legal acts:
Key definition:
Personal data definition
What does Personal data mean?

Personal data means data relating to a living individual who can be identified from such data, either alone or with other information in the data controller’s possession. It includes opinions about, and intentions in relation to the data subject.

Read more readmore

Popular documents

Is someone’s voice personal identifiable information under GDPR? If someone is to do a voice over for

Is someone’s voice personal identifiable information under GDPR? If someone is to do a voice over for content of some training for a business, would a consent form be needed?Is someone’s voice personal identifiable information under GDPR?A voice recording is likely, in almost all circumstances, to

If planning permission imposes restrictions on a licensed premises opening hours, once operational can

If planning permission imposes restrictions on a licensed premises opening hours, once operational can the personal licence holder apply for a Temporary Events Notice (TEN) to open for longer hours than those permitted in the planning permission?To use any property for a licensable activity both

Micklefield clauses

Micklefield clausesWhat is a Micklefield clause?It is common for employee share plans to provide that, on termination of employment (or when an employee is given or receives notice of termination of employment), subsisting share awards will be forfeited and subsisting share options will lapse.It is

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?What is an appeal?An appeal in insolvency proceedings is no different to an appeal in normal litigation. An appeal will be allowed only if the appeal court is satisfied that the decision of the lower court was 'wrong' or 'unjust because of a