ProvePrivacy Logo | Blue Green

Back to home

Data Sharing, Processing Activities

Transferring Data to a Data Processor

Data Sharing | ProvePrivacy | Article Image 12

Transferring personal data to a data processor requires an element of due diligence to have taken place, in particular all processing by a data processor must be governed by a contract, which stipulates a number of specified clauses.  These clauses ensure a legal obligation exists to protect the data subject’s data and their rights and should any of these clauses not be present, then the contract with the data processor should be considered none compliant.

It is also a requirement that the data processor provides sufficient guarantees that it has ‘technical and organisational measures’ in place to protect personal data.  These guarantees may be included in the contract or where there might be a higher risk to the data subject then it is recommended that these measures may be reviewed separately in a data protection security assessment.

If a data processor needs to engage with another data processor, then they must first obtain the permission of the data controller in writing before doing so.

Additional safeguards will also be required if the transfer of personal data is an international transfer.

You might also like

Scroll to Top

Contact us

If you would like to ask more questions or to arrange training, complete the form below and we will respond shortly.

See our Privacy Statement for more details.

Get expert tips and business insights