The Information Commissioner’s Office (ICO) has published detailed guidance on contracts and liabilities between controllers and processors.
This guidance will help both controllers and processors to understand what needs to be included in a contract and why. It will also help processors to understand their new responsibilities and liabilities under the GDPR.
There are many common issues to discuss about contracts and liabilities. The guidance is structured so that these are discussed first. After this, the issues specific to controllers and processors are discussed separately.
Please note that this guidance is not a guide to contract law or to the intricacies of commercial contract negotiation.