Do GDPR data processing obligations require an entirely new contract to be issued?

Hi,

We purchased the comprehensive web services contract in 2015 and my question is, in light of GDPR should we purchase the updated equivalent contract (which presumably includes GDPR compliant data processing clauses), or could we purchase the separate GDPR data processing agreement and issue that to clients as an updated schedule to the original contract? The latter is my preference, as the consequences of re-issuing entirely new draft contracts  to clients will be significant time required by both parties in revisiting previously agreed terms and conditions. 

Look forward to receiving your response in due course.

Thanks 

Nick

487 viewsdata protection law

Alasdair Taylor's Answer

Either approach can work. If you are supplementing an existing contract with a DPA, a few points to check are: (i) that you dis-apply any existing clauses covering the same ground where appropriate; (ii) that the other provisions of the existing contract are consistent with the DPA – check in particular the licensing, confidentiality, termination, security and sub-contracting clauses.

Ask a question

Question in one sentence
Select a topic that best fits your question.

Search questions

Disclaimer

Using this legal Q&A, users can get guidance on business-related legal questions from our legal experts.

The guidance is not legal advice; no lawyer-client or similar relationship is created by the Q&A.

By using the Q&A, you agree to the limitations and exclusions of liability set out in our terms and conditions.

Useful Links

Our services

English law

Unless otherwise stated, the information and resources on this website relate to English law.

Web cookies

By using our website, you agree to our use of web cookies. See our privacy policy for details.

Docular Limited

Howbery Park,
Wallingford
Oxfordshire
OX10 8BA, UK

Our other websites

SEQ Legal
Copyright © 2024 Docular Limited | All rights reserved