There's been a fair bit of discussion about this. I found this piece by DLA Piper's data protection people quite good on it https://blogs.dlapiper.com/privacymatters/uk-liability-limits-for-gdpr-in-commercial-contracts-the-law-and-recent-trends/
TL;DR "while caps/exclusions of liability for the discretional obligations [imposed by contract] are legitimate and likely to be upheld, there is more doubt about exclusions/indemnities for fines and data subject claims levied in relation to breaches of [express GDPR obligations]"
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|