Contract Between Data Controller and Data Processor GDPR (A250)

Who can use this Data Processor Appointment?

This Data Processor Agreement is for use by a company or organisation that wants to appoint an outsider as data processor.

What is this contract for?

This data processor appointment is for use by an organisation which wants support in handling/processing personal data.  Under the Data Protection Act 2018 and the European GDPR, there are numerous obligations on organisations with regard to data protection and outsourcing to a suitable company can be useful.

Written from the data controller’s perspective, the Data Processor Agreement comprises a one-page Form of Agreement, Terms and Conditions, plus Schedules to be completed detailing the Services, Fees, and Insurance.

ContractStore has other relevant documents dealing with GDPR  and data protection

What are the main issues?

The legal duties of a data processor are spelt out in some detail in the legislation and a Data Processor Appointment should reflect these duties in its wording.  So the agreement will refer in various places to the GDPR and/or Data Protection Act.

Scope of services.  The agreement needs to clearly define the scope of the data processor’s role and the client will want to reserve the right review and inspect the services stop

Variations probably need to be covered as these can affect the data processor’s role as well as the fee arrangements.

There can be serious penalties as well as potential claims form individuals for a company which has a data breach. So the agreement needs to have clear wording under which the processor is going to be responsible for ensuring there is no infringement of the law and to make good the company’s losses if the processor is responsible for a data breach. This is likely to involve insurance claims and therefore the agreement needs a clause requiring the data processor to maintain adequate professional indemnity insurance.

What detailed terms does the contract contain?

The Terms and Conditions contain 18 clauses covering:

• definitions
• scope of contract
• data processor’s obligations
• programme
• personnel
• variations
• review and inspections
• price and payment
• warranties
• termination
• intellectual property
• indemnity, liability and insurance
• confidentiality
• assignment and subcontracting
• disputes and governing law
• notices
• general clause

For more information on each of these sections, see our Explanatory Notes  which you will  receive when you download the document from our website.

For information on signing documents see our Contract Signing page

When I download the document, can I change it and/or use it more than once?

Yes, all ContractStore’s templates are in MS Word and you can use the contract on more than one project. For more information, watch the video on this page of our website or see our FAQs

Legal support

ContractStore supplies templates and is not a law firm.  But experienced lawyers write all our templates, so we can arrange legal assistance for customers who need special terms in one of our documents or a bespoke template. . For more information see our Legal Services page.  For more information see our Legal Services page.

Contract Author –   Giles Dixon / Sharon Benning-Prince

And if you want to contact us see our Contacts page.

Read more about GDPR on our blog or sign up for information alerts and guidance here.