Legal experts publish GDPR-ready processor terms
The International Regulatory Strategy Group, in conjunction with Clifford Chance and DLA Piper, has produced a document to help inform organisations of the requirements arising from the implementation of the EU General Data Protection Regulation (GDPR) in relation to data governance and compliance controls in the supply chain.
The GDPR imposes stringent requirements for controllers appointing processors, including prescribing various matters which must be stipulated in a contract or other legal act (Article 28).
The European Commission and supervisory authorities have the power to adopt standard contractual clauses to meet these new requirements.
The example template is intended to assist organisations as they tackle the sizeable “re-papering” challenge to ensure supply chains are GDPR ready for the implementation deadline of 25 May 2018.