How do I make my contracts GDPR compliant?
Posted on 10th May 2018 at 20:31
We are moving ever closer to the implementation of the GDPR – the General Data Protection Regulation that is a new law across the European Economic Area (EEA) and in the UK and replaces the Data Protection Act 1998 on the 25 May 2018. Many companies who process or control personal data already amending their policies and procedures to ensure compliance when the regime changes. What many organisations may not realise however is how the GDPR could impact on contracts they are currently negotiating or that they already have in place.
Future proofing your contracts
Most contracts will include clauses which address data protection issues; even if these are simply to modify that each party will comply with their respective obligations under the Data Protection Act and Privacy and Electronic Communications Regulations. However, it is highly likely that many contracts at the time when they were completed would not have made provision for being superseded, never mind the requirements of GDPR. It is therefore vital that organisations review their existing contracts which will still be live by the time the GDPR is in force and check the data protection clauses within them. It is highly likely the clauses within these contracts will need to be updated to ensure that the data protection obligations reflect the GDPR requirements. Equally, any contracts currently being negotiated should contain provisions which incorporate the GDPR. Otherwise, you run the risk of breaching the GDPR as soon as it applies at the end of this month.
What is GDPR and why do we need it?
Think back 20 years. There was no iPhone (2007) and no Facebook (2004). The way that personal data was used, and the volume of data shared, when the 1998 act came into force was very different from today. GDPR aims to bring data protection rules into line with modern day practice.
Therefore, it is essential when entering into contracts which involve personal data being transferred from one party to another that the documentation explicitly contains provisions which address the requirements of GDPR. Equally, it is important that existing contracts which will be in force after the 25 May 2018 are also updated. In both instances we recommend the inclusion of a data schedule in any contract where personal data is being passed between parties to cover the information required by the Article.
If you have any further queries about making your contracts GDPR compliant, or the impact of the GDPR regime on your organisation generally, we would be happy to assist you. Please contact our specialist team.
Share this post: