The Information Commissioner's Office (ICO) has published new, detailed guidance on controllers and processors under the GDPR. It has also published guidance on contracts and liabilities between controllers and processors.
The guidance also provides useful information on the specific terms or clauses that must be included in a contract between a controller and a processor, or between a processor and a sub-processor:
- Processing only on the documented instructions of the controller.
- Duty of confidence.
- Appropriate security measures.
- Using sub-processors.
- Data subjects’ rights.
- Assisting the controller.
- End-of-contract provisions.
- Audits and inspections.
At Markel Law we regularly comment on SME-related matters.
This guidance discusses contracts and liabilities between controllers and processors in detail. Read it if you have detailed questions not answered in the Guide, or if you need a deeper understanding. DPOs and those with specific data protection responsibilities in larger organisations are likely to find it useful. If you haven’t yet read contracts and liabilities between controllers and processors in brief in the Guide to Data Protection, you should read that first. It sets out the key points you need to know, along with practical checklists to help you comply. This guidance will help both controllers and processors to understand what needs to be included in a contract and why. It will also help processors to understand their new responsibilities and liabilities under the GDPR.