Confidentiality Agreements, also known as Non-Disclosure Agreements, are a
valuable addition to the business toolbox. Protecting the secrecy of
valuable business information when dealing with a third party is of great
importance. In some cases, this is achieved through a confidentiality
clause in another contract; however in some cases – particularly if more
detail is desirable – a dedicated agreement is preferred.
Data Protection Updates
In addition to general best practice updates and improvements to our core
Non-Disclosure Agreements, we have added new data protection provisions
dealing with (in most cases) data sharing and data processing, designed for
use in situations where the confidential information to be disclosed
includes personal data.
We have taken a broad approach when it comes to defining “data protection
legislation”. Our definition is broad and has been designed to ensure a
smooth transition from the GDPR to the Data Protection Act 2018. It also
guards against the possibility of an uncertain Brexit transition by
retaining the applicability of the GDPR until such time as it no longer has
legal effect in the UK. As it applies to this situation, the purpose of the
DPA 2018 is primarily to incorporate the GDPR’s provisions into UK law, so
definitions and the overall effect are likely to remain unchanged. If this
position changes in the future, our information and documents will be
As noted above, two new options are included (in all but the pre-project
agreement which includes only a data sharing clause due to its purpose).
The first is a controller-to-controller data sharing clause; the second is
a controller-to-processor data processing clause (wherein the party
receiving the confidential information processes personal data on behalf of
the disclosing party).
Each new clause clearly sets out the respective obligations of the parties,
including important requirements such as the establishment of appropriate
technical and organisational measures to protect the personal data being
shared or processed. Optional restrictions have also been incorporated with
respect to further transfers of the personal data and non-EEA transfers. In
each clause, mutual indemnity provisions ensure that either party to the
agreement will indemnify the other for harm resulting from the indemnifying
party’s breach of the data protection legislation.
The contents of this Newsletter are for reference purposes only and do not constitute
legal advice. Independent legal advice should be sought in relation to any specific