Insights Information Commissioner’s office publishes detailed guidance on contracts and liabilities between controllers and processors

The guidance discusses contracts and liabilities between controllers and processors in detail. The ICO recommends it to those with detailed questions not answered in the Guide, or those needing a deeper understanding. DPOs and those with specific data protection responsibilities in larger organisations are likely to find it useful.

The guidance is designed to help both controllers and processors to understand what needs to be included in a contract and why. It will also help processors to understand their new responsibilities and liabilities under the GDPR.

The guidance covers: i) when a contract is needed and why it is important; ii) what should be included in a contract; iii) responsibilities and liabilities for controllers using a processor; and iv) responsibilities and liabilities for processors in their own right. The ICO recommends reading the general sections first and then the relevant specific section. To access the guidance in full, click here.

Expertise