Data Processing Clauses

This Data Processing Clause is designed for use in a wide range of agreements and terms and conditions to help address personal data processing carried out by one party on behalf of the other.

It is intended for controller-processor arrangements and supports compliance with the UK GDPR and wider UK data protection law.

The document includes two versions of the clause: one for agreements and one for terms and conditions.

When to use this clause

Use this clause where one party will process personal data on the other party’s behalf as a data processor, rather than using the data for its own independent purposes.

Two main drafting options are included. One simply refers to a separate data processing agreement, while the other provides a fuller set of basic data processing clauses within the main document itself.

The simpler reference to a separate agreement may be suitable where a standalone data processing agreement is already in place. The fuller clause set may be more suitable for simpler processing arrangements where a separate agreement is not needed.

What the document does

The clauses are designed to make the controller-processor relationship clear and to allocate responsibilities accordingly.

In the fuller version, the parties are referred to as the Data Controller and the Data Processor within the clause itself. This is intended to make editing simpler and to make each party’s role and responsibilities clearer from a data protection perspective.

Agreement and terms versions

Separate versions are provided for insertion into agreements and into terms and conditions. In the terms and conditions version, the main contract formed under those terms is also referred to by name so that the clause can be aligned with the wording of the main document.

Data Processing Clauses is part of Business . Just £38.50 + VAT provides unlimited downloads from Business for 1 year.