In a message dated 10/09/2002 12:25:37 GMT Daylight Time,
[log in to unmask] writes:
<< I wonder if anyone can point me in the direction of a form of words for a
Data Protection clause in a contract with a Data Processor, where we (Data
Controller) supply them with a straightforward list of our membership
contact details (name and address only) from our membership database for the
purpose of publishing the list in our annual Members Reference Book. The
Data Processor is the publisher. >>
----------
This is a much simpler task than you might think. Most contracts would
contain details of the requirements either in the main body or in the SLA
(Service Level Agreement) that accompanies the contract.
It would be pointless having a clause that says "both parties will comply
with the requirements of the DPA98" as data processors have no legal
obligations under the DPA98 (unlike the 84 Act) and so they only have to
comply with contractual requirements.
All you need to do is specify in the contract where the data will come from
(presumably from a specified officer within your organisation), what the
contractor can use it for (in this example only printing and publishing), how
long they can keep it for (including proofs), whether they are allowed to
disclose (to whom and under what circumstances - including the proofs, etc -
such as "only to the nominated officer in the client organisation"), how
secure it needs to be in their possession (as the data are to be published
anyway I presume security requirements aren't great) and whether they are
allowed to send it overseas for processing purposes (restrictions will apply
if they want to process outside the EEA).
It is important that you specify the consequences of non-compliance with the
contract in respect of the personal data. If they do something wrong it
would still be your organisation that is liable, you should ensure they know
you will recover any costs and possibly terminate the contract without notice.
Although not a ready-made form of words, I hope the above is of some
assistance.
Ian
Ian Buckland
Managing Director
Keep IT Legal Ltd
Please Note: The information contained in this document does not replace or
negate the need for proper legal advice and/or representation. It is
essential that you do not rely upon any advice given without contacting your
solicitor. If you need further explanation of any points raised please
contact Keep I.T. Legal Ltd at the address below:
55 Curbar Curve
Inkersall, Chesterfield
Derbyshire S43 3HP
(Reg 3822335)
Tel: 01246 473999
Fax: 01246 470742
E-mail: [log in to unmask]
Website: www.keepitlegal.co.uk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|