Does your business need to share personal data with another company? Perhaps your payroll is managed by an external suppler who needs employee information. Or maybe a third party supplier is providing your email marketing services and needs access to customer data. If so, you are essentially entering into a data process arrangement.
Managing this process can be tricky to get right. As the business that is sharing the personal data (ie the data controller) you are legally responsible for what the other business (the data processor) does with it.
To comply with the Data Protection Act, you will also need to put a written agreement in place between your business and the data processor, clearly setting out what they can do with the personal data you share with them, limiting them to acting on your instructions, and setting out the requirements for the organisational and technical safeguarding of the personal data.
And if the data processor is located outside the UK and the EU / European Economic Area, the situation becomes even more complex, as more stringent requirements then apply.
Star Legal can advise you on potential data processor arrangements you may be considering, review the compliance of existing arrangements, and prepare any data processor agreements that are needed. We can also support you if you’re the data processor rather than a data controller.
Data protection is a prominent issue now, both in terms of enforcement action taken by the Information Commissioner for breaches of the Data Protection Act, and the importance given to privacy and data protection issues by consumers and businesses alike. We have the experience and expertise to help your business get it right and avoid both fines and prosecutions, and the damage these can cause to the reputation of your business.
If you are looking for a safe pair of hands to oversee your data processor arrangements, contact us today.