Contracting out data processing operations

What is this?

This is a policy, along with accompanying procedures and other documentation (including appendices to your contracts), to ensure that when your organisation uses an outside body to process data on your behalf (a ‘data processor’), it’s being done in ways that are in line with your responsibilities.

Why do I need it?

Although it may make a lot of sense to outsource some operations to a data processor, ultimate responsibility for what is done with and to the data remains with the outsourcing organisation (the ‘data controller’): you. In addition to there being some specific legal requirements for your contracts, it’s prudent, as in so many walks of business life,  to satisfy yourself that your chosen processor understands their responsibilities and that collectively you have reduced the risk of unlawful, unforeseen or unintended events that would cause you operational or reputational difficulties.

What’s the process?

Tailored to your specific circumstances, we’ll provide the documentation and checklists that will give you the confidence to know that how you’re operating is in line with the law and that you’ve reduced the chances of things going wrong. This is usually an iterative process which will produce what’s right for you.

What do I do next?

Talk to us by using the red ‘Book Online Consultation’ button.