Print

Print


Initial thoughts are that the answer would depend on the wording of the contract, as that should contain the level of detail involved in the service specs and - either directly or implicitly out of this - data ownership.

I've seen contracts that drill down to microscopic detail when specifying exactly what actions a Processor will undertake for a Controller, but equally I've seen contracts that say (for example) 'Here's a list of our Customers: it's been cleaned against the DMA lists. Find out what they think about X please - we'll leave it to you how you do it.'

Owen

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^