If you haven't seen those produced by the ISRG, I'd suggest those are worth a look. Page with clauses attached here: https://www.irsg.co.uk/resources-and-commentary/irsg-example-gdpr-ready-processor-terms/
We've been using our own new terms for new agreements and renewals since April, but benchmarked them against these when they were released in September and thought they seemed fairly good, so perhaps a useful starting point.
Andrew
Andrew Powell
Data Protection Officer
Bank of England |Threadneedle Street|London|EC2R 8AH|+44 (0)203 461 6039
[log in to unmask]
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Jon Baines
Sent: Friday, November 17, 2017 9:44 AM
To: [log in to unmask]
Subject: Re: [data-protection] Early Friday GDPR Question
*********************************************************
This email has reached the Bank via the Internet or an external network
*********************************************************
I understand some model clauses are doing the rounds in govt (Westminster) circles. Not sure if they're publicly available yet though.
Jon Baines,
Chair,
nadpo.co.uk
> On 17 Nov 2017, at 09:02, Donald Henderson - CHX <[log in to unmask]> wrote:
>
> As a supplementary question, has anyone actually got / written a decent set of clauses for a GDPR processor contract yet that they'd be willing to share? I've started drafting something a couple of times, but keep losing the will to live...
>
> Donald
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Bill Dunn
> Sent: 16 November 2017 15:53
> To: [log in to unmask]
> Subject: [data-protection] Early Friday GDPR Question
>
> Hi all,
>
> I have a query (probably with a very obvious answer but it is just not coming to me) about when a processor is required to have a DPO and what is the responsibility on the controller (if any) to ensure that the processor has one. The situation is - a Council outsources is records storage to an external contractor who provides an EDRMS service. The records relate to a large number of residents in its area and contain special category data about each resident. In terms of Article 37(1)(c), my questions are; does the storage of the information make the provider a processor, is this their "core activity" for that article and so require them to have a DPO, would not having a DPO be an issue in relation to providing sufficient guarantees in terms of Article 28(1) and if so, does this make it the Council's responsibility to ensure that a DPO is appointed or prevent the Council from contracting with the provider?
>
> Does anyone have any views?
>
> Thanks
>
> Bill Dunn
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask] All user
> commands can be found at
> https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
> Any queries about sending or receiving messages please send to the list owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Securing the future... - Improving services - Enhancing quality of
> life - Making best use of public resources.
>
> The information in this email is solely for the intended recipients.
>
> If you are not an intended recipient, you must not disclose, copy, or
> distribute its contents or use them in any way: please advise the
> sender immediately and delete this email.
>
> Perth & Kinross Council, Culture Perth and Kinross and TACTRAN do not
> warrant that this email or any attachments are virus-free and does not
> accept any liability for any loss or damage resulting from any virus
> infection. Perth & Kinross Council may monitor or examine any emails received by its email system.
>
> The information contained in this email may not be the views of Perth
> & Kinross Council, Culture Perth and Kinross or TACTRAN.
> It is possible for email to be falsified and the sender cannot be held
> responsible for the integrity of the information contained in it.
>
> Requests to Perth & Kinross Council under the Freedom of Information
> (Scotland) Act should be directed to the Freedom of Information Team -
> email: [log in to unmask]
>
> General enquiries to Perth & Kinross Council should be made to
> [log in to unmask] or 01738 475000.
>
> General enquiries and requests under the Freedom of Information
> (Scotland) Act to Culture Perth and Kinross should be made to
> [log in to unmask] or 01738 444949
>
> General enquiries to TACTRAN should be made to [log in to unmask] or
> 01738 475775.
>
> Securing the future... - Improving services - Enhancing quality of
> life - Making best use of public resources.
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask] All user
> commands can be found at
> https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
> Any queries about sending or receiving messages please send to the list owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
***********************************************************************************
This e-mail (including any attachments) is intended only for the addressee(s) named above. Its contents may be confidential. If you receive this e-mail in error, please immediately contact the sender and delete this e-mail. Unauthorised use, disclosure, storage or copying of this email and any attachments is not permitted and may be unlawful.
The Bank of England is located at Threadneedle Street, London EC2R 8AH. The Prudential Regulation Authority is located at 20 Moorgate, London EC2R 6DA. Please visit www.bankofengland.co.uk.
***********************************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|