Reflecting on This Week’s Information Sharing, Data Processors and Contracts Session
By Jess Pembroke, Director of Information Law Services
I recently had the pleasure of delivering our Information Sharing, Data Processors and Contracts course.
From the outset, the delegates brought thoughtful questions and curiosity about how to get information sharing and contracting with third parties right from a data protection perspective.
We talked about the difference between a Data Controller and Data Processor, why it’s important to get these right and what to do if a third party misunderstands their role.
Unsurprisingly, one of the biggest areas of interest was the Data Processing Addendum (DPA).
Delegates were particularly keen to unpick:
- What must be in a DPA to meet legal requirements
- What’s useful to include
- How far to go in tailoring DPAs for different kinds of processors and different levels of risk
Art. 28 of the UK General Data Protection Regulation sets out the terms you need when engaging with a Data Processor, but we use worksheets so delegates could have a go at identifying and critiquing Data Processing Addendums for themselves. This hands-on element always seems to be where things “click”: people can see how the theory translates into the contracts they’re dealing with day-to-day.
Looking Ahead to 12 March
I’ll be delivering Information Sharing, Data Processors and Contracts again on 12 March, and I’m really looking forward to continuing these conversations.
If you:
- Work with third-party suppliers or cloud services
- Are responsible for contracts, information governance or data protection
- Want to feel more confident about what “good” looks like in DPAs and information sharing agreements
…then this course is designed for you. Book via the link above or please contact us to find out more!

