The General Data Protection Regulation (GDPR) introduced a range of new requirements for companies wishing to engage data processors or share data with another business on a joint controller or controller to controller basis.
Controllers and processors are required to have in place a contract containing certain mandatory provisions, whereas data being shared between joint controllers requires the implementation of a joint controller arrangement. Separately, there are a wide range of factors which must be considered to ensure that data to be shared with other independent controllers is done so lawfully.
We are experienced in advising on data processing agreements and provisions, joint controller arrangements and data sharing agreements, including where these involve data being transferred internationally. Sometimes it will not be easy to identify whether the recipient of the data will be acting as a data controller or a data processor, and we can assist with making this determination.
Our clients include innovative fintech and adtech companies, financial and professional services firms including UK and US law firms, and multinational businesses in UK, as well as international organisations.