Historically, data protection liability in your average commercial contract has either . Similarly, if there is a good dispute resolution clause in the It's very common to see wide-ranging indemnities in US contracts, but their
Help! My data processor wants an indemnity. One significant change under the General Data Protection Regulation is to place direct regulatory obligations on
Under the GDPR, whenever a controller users a processor it needs to have a written contract in place. This is important so the parties understand their responsibilities and liabilities. The mandatory requirements of the data processing agreements are set out in Article 28 of the GDPR.
82 GDPR Right to compensation and liability. Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered.
A processor can also be held liable under Article 82 to pay compensation for the damage caused by processing where: it has failed to comply with GDPR provisions specifically relating to processors, or. where it has acted without the lawful instructions of the controller, or against those instructions.
reflect any indemnity that has been agreed. The GDPR allows for standard contractual clauses from the EU Commission or a supervisory authority (such as
The General Data Protection Regulation (EU) 2016/679. • Replaces the EU Data Comparison against Controller/Processor Model Clause .. Agreement. 9. Additional Indemnity from Controller for Controller Instructions.
GDPR (the EU General Data Protection Regulation) requires, among many other Recitals of GDPR compliance; An indemnification clause.
DLA Piper's Article 28 GDPR working group produced this “Example Data Protection Addendum Addressing Article 28 GDPR (Processor Terms) and Incorporating . 28 GDPR and Incorporating Standard Contractual Clauses for Controller to
respective obligations for data protection Under the GDPR, data subjects whose personal data are beyond the equivalent provision in the Data Protection.