IACCM Contract Management Forum

« view all forum posts
2014-03-17 10:34:40

Liability of Data Processors

English Law.
Data Processors are liable contractually to Data Controllers under contractual arrangements that DCs flow down pursuant to their liability under the DPA. However, can DPs be fined directly from the Information Commissioner?
Would a DP be liable to a data subject directly (assuming the DC was non-compliant with its obligations under the DPA?)
With the soon-to-be legislation in this area, are indemnities (DP to DC)a thing of the past?
 •   2014-04-08 08:27:34
In my understanding, the DP liability is entirely to the DC - which is logical, since the DP might not have any physical presence in the UK. I find the following guide very useful http://ico.org.uk/for_organisations/data_protection/~/media/documents/library/Data_Protection/Detailed_specialist_guides/outsourcing_guide_for_smes.ashx
 •   2015-04-07 06:10:45
The DP would indemnify the DC if the DP was in breach of the UK Data Protection Act. it is very important for DCs to ensure that their DPs have adequate data security in place especially DPs who are abroad and that DP clauses exist in commercial contracts.
Replies: 2
Filter by category
Operations & Capabilities
Organization & People
Strategy & Management Tools