The General Data Protection Regulation (GDPR) came into effect on May 25th, 2018, to protect the personal data of European Union (EU) citizens. The regulation applies to all businesses and organizations that process the personal data of individuals inside the EU, regardless of where the company is located.
If you`re a business owner or contract manager, it`s essential to be familiar with GDPR clauses within contracts. One essential clause is the GDPR Article 28 Clause. This clause provides specific guidance on the processing of personal data by third-party service providers.
Here`s a sample GDPR Article 28 Clause:
“The Processor shall:
a) Process personal data only on documented instructions from the Controller, including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by Union or Member State law to which the Processor is subject; in such a case, the Processor shall inform the Controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
b) Ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
c) Take all measures required pursuant to GDPR Article 32 (Security of processing);
d) Respect the conditions referred to in GDPR Article 28 (3) for engaging another processor;
e) Taking into account the nature of the processing, assist the Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller`s obligation to respond to requests for exercising the data subject`s rights as laid down in Chapter III;
f) Assist the Controller in ensuring compliance with the obligations pursuant to GDPR Articles 32 to 36 taking into account the nature of processing and the information available to the Processor;
g) At the choice of the Controller, delete or return all the personal data to the Controller after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State law requires storage of the personal data;
h) Make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in GDPR Article 28 and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.”
The GDPR Article 28 Clause is just one example of a contractual clause required to comply with GDPR regulations. Therefore, it`s essential to have an experienced legal team to draft your contracts` terms and conditions in line with the GDPR`s legal requirements.
In conclusion, GDPR compliance is a crucial aspect of doing business in the EU. Understanding GDPR clauses like the Article 28 Clause is essential to ensure that your contracts comply with GDPR regulations. Collaborate with legal professionals to ensure that your documents meet GDPR`s strict requirements and protect your customers` personal data.