Transferring Data to a Data Processor

< Back
You are here:

Transferring personal data to a data processor requires an element of due diligence to have taken place, in particular all processing by a data processor must be governed by a contract, which stipulates a number of specified clauses.  These clauses ensure a legal obligation exists to protect the data subject’s data and their rights and should any of these clauses not be present, then the contract with the data processor should be considered none compliant.

It is also a requirement that the data processor provides sufficient guarantees that it has ‘technical and organisational measures’ in place to protect personal data.  These guarantees may be included in the contract or where there might be a higher risk to the data subject then it is recommended that these measures may be reviewed separately in a data protection security assessment.

If a data processor needs to engage with another data processor, then they must first obtain the permission of the data controller in writing before doing so.

Additional safeguards will also be required if the transfer of personal data is an international transfer.

Mark Roebuck

Mark Roebuck

Building a career around data led programme management Mark recognised that existing data compliance solutions were complex and difficult for clients to use. Frustrated with the options he founded ProvePrivacy to provide an effective and simple to use data protection compliance solution.

Copyright:  All information and articles provided represent the views of ProvePrivacy Limited and our contributors.  They do not constitute legal or data protection advice. All rights reserved.

You Might Also Like