In an era defined by data-driven business models, the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR) have transformed how contracts must be constructed. At Thames Draft, we ensure your legal documents aren't just agreements, but formidable shields against regulatory risk.
The Controller vs. Processor Divide
Distinguishing between a Data Controller (the party determining the 'why' and 'how') and a Data Processor (the party acting on instructions) is the bedrock of compliance. Misidentifying these roles in a contract can lead to misplaced liability and massive regulatory fines.
Mandatory DPA Clauses
Article 28 of the GDPR requires specific provisions in any agreement where personal data is handled. These provisions cover sub-processing, confidentiality, security measures, and the eventual return or destruction of data.
Consequences of Non-Compliance
Beyond the headline fines of up to £17.5 million or 4% of global turnover, non-compliant contracts expose you to private litigation from data subjects and severe reputational damage in the London market.
How Thames Draft Protects You
We meticulously review every clause to ensure it aligns with the latest Information Commissioner's Office (ICO) guidelines. Our West End team specialises in:
- Custom-tailored Data Processing Agreements (DPAs).
- Liability limitation for data breaches.
- International Data Transfer Agreements (IDTAs).
Audit Your Contracts Today
Don't wait for a data breach to find the gaps in your compliance. Let our experts review your existing agreements.