European Data Protection Board (EDPB) approves ‘template’ contract clauses for data controllers / processors use
In December 2019, the European Data Protection Board (EDPB) approved new ‘template’ contract clauses for use by data controllers and processors. Proposed by Denmark and just approved by the EDPB, the UK’S Information Commissioner’s Office (ICO) has included references to these contract clauses in its UK guidance which can be found here.
The clauses address Article 28(3) of the GDPR which states that processing by a data
processor must be governed by a contract (or other legal form) with the relevant data
controller which sets out how personal data (provided by the data controller) will be
processed by the data processor.
It should be noted that these clauses are not to be confused with the EU approved model contractual clauses to legitimise the export of personal data from the EU to non-EU countries without ‘adequate/equivalent’ data protection laws.
To receive information relating to URM’s news, blogs, and services and please subscribe to our mailing list by sending us some information using the form below.