Skip to content

Data Processing Agreement

It is common that companies need to share personal data. For example, you may need to share personal data on your customers with a subcontractor that is providing customer support services. How you share personal data with third parties is regulated in the UK and it is a legal requirement to have a Data Processing Agreement when transferring personal data to a third party.

Who is responsible for the personal data?

Companies that process personal data on behalf of another company are called Personal Data Processors. The company that decides what the personal data is to be used for is called a Personal Data Controller. When a Personal Data Controller transfers personal data to a Personal Data Processor, it must provide instructions on how the personal data can be used. These instructions are provided through a Data Processing Agreement.

Why is a Data Processing Agreement important?

A Data Processing Agreement allows a Personal Data Controller to maintain control over the personal data it shares with a third party. It is a legal requirement to have a Data Processing Agreement in place when sharing personal data with a Personal Data Processor. Failing to do so can lead to signficant fines for the Personal Data Controller and/or the Personal Data Processor.

What do you need to do?

  1. Determine whether you collect or handle personal data.  Are you a Personal Data Processor or a Personal Data Controller.  If you are a Personal Data Controller, identify any Personal Data Processors that you share personal data with. PocketLaw can help you do this.
  2. Review who you have entered into a Data Processing Agreement with.
  3. If an agreement is missing or needs to be updated, get one in place as soon as possible.

Common mistakes with Data Processing Agreements

A common misconception is that it is possible to waive responsibility for personal data through a Data Processing Agreement. Both the Personal Data Controller and the Personal Data Processor are responsible for personal data under UK data protection regulations and both parties can be fined if they fail to protect the personal data they handle.

PocketLaw helps you build a better business

Feeling lost in the GDPR jungle? No worries, we are here to help you - both in assessing what parties are responsible for what, and getting a Data Processing Agreement in place. PocketLaw offers a platform with legal docments, guidance and a clever contract management system, as well as personal legal advice. All legal you need to grow your business and drive it forward.