ICO GDPR guidance- Contracts and liabilities between Controllers and Processors

bps07834-0000-00 link

Document Information

GSC Classification OFFICIAL
Access Policy Open
Reference bps07834-0000-00
Document Status Review
Primary Classification
Author Organisation Information Commissioner's Office
Sponsor OrganisationNot Known
Trustee NPTC Standards Working Group, trustee@standards.police.uk

Copyright Notice Copyright (c) 2016 National Police Technology Council (NPTC) group and the persons identified as the document authors. All rights reserved.

Abstract

These pages sit alongside our Overview of the GDPR and provide more detailed, practical guidance for UK organisations on contracts between controllers and processors under the GDPR. Under the GDPR, when a controller uses a processor it needs to have a written contract (or other legal act) in place to evidence and govern their working relationship. If you are a controller, this guidance will help you to understand what needs to be inc luded in that contract and why. It will also help processors to understand their responsibilities and liability. The guidance sets out how the ICO interprets the GDPR, and the general recommended approach to compliance and good practice.

Usage

The usage scenarios for bps07834-0000-00 have not been documented yet.

Changelog

Approvals

DateApproverOrganisationEmailComments

Obsoleted By

Obsoletes

Discussions

We’d love you to discuss this item but please be aware that these discussions are publicly accessible.