UK: ICO Consults on GDPR Guidance on Contracts and Liabilities Between Controllers and Processors

On September 13, 2017 the Information Commissioner’s Office (ICO) published a consultation on guidance on contracts and liabilities between controllers and processors under the General Data Protection Regulation (GDPR).

The GDPR will replace national data protection legislation when it enters into force from May 2018. In the UK, the Data Protection Act 1998 (DPA) has been modified, now requiring a written contract between a controller and processor. The new provisions specify detailed terms with the aim of setting high standards and protecting the interests of data subjects.

To continue reading please log in or request a demo to speak to a member of the team.