The EU General Data Protection Regulation (“GDPR”) will apply from 25 May 2018 and will fully replace existing national data protection legislation (i.e. the UK Data Protection Act 1998). Whilst certain existing provisions will remain the same, the GDPR also introduces new and additional data protection obligations on companies handling personal data, data controllers and data processors.
The GDPR imposes specific obligations on Controllers and Processors of Personal Data. The GDPR requires Controllers and Processors to enter into contracts containing specific provisions relating to the protection of the Personal Data processed. A significant change introduced by the GDPR is the requirement to ensure that contracts with “data processors” include certain minimum terms.
emPSN have communicated with all its customers about this. View a copy of our data processor notification.