GDPR Package (Supplier as Processor)

GDPR Package (Supplier as Processor)

  • per month, min term 12 months

Subscription details
Here's How It Works:
- Choose the products and delivery schedule that fits your needs

- No obligation, modify or cancel your subscription anytime.

Learn more...

Contact Us for 1000+ employees

Click here for full package details


Monthly Plans


Your Package Includes

  • Standard product updates – updates typically provided on 12 month release cycle
  • Services via email email / phone – call us with queries on how to use the product, what type of information needs to be included in schedules and so on. This is not legal advice, it is use of product information only.
  • Basic configuration (style only)– we apply your company logo and name and contact details into the product. The basic configuration will also be applied to ITC updates made available to you.
  • NTR – a ‘negotiation topics register’ that:
    • identifies issues that could be raised in negotiation by the other party in relation to the particular product agreement (non-exhaustive).
    • provides a standard response as to why the relevant provision is written as it is.
    • provides an alternative provision that could be used.
  • NTR standard updates – updates to the NTR, typically provided on a 12 month release cycle. The updates incorporate feedback from other users of that NTR.
  • Applied configuration (content) – your company-specific provisions incorporated into the product. A maximum of 5 provisions can be included. The applied configuration will also be applied to ITC updates made available to you.
  • Customer requested product updates – request an update to a product and we will prepare and provide that update if it can be standardized and will be useful to other customers (at our discretion)
  • Customer requested product updates – request an update to a product and we will prepare and provide that update if it can be standardized and will be useful to other customers (at our discretion)- NTR updates on request – where an issue being negotiated is not addressed in the NTR, we will update the NTR on request if the issue is likely to be relevant to other users of that NTR (at our discretion)

Please sign up to have ongoing access on our site to the products you have purchased and to receive package updates. Sign up at checkout. Our terms and conditions apply.

Your package includes:

  • GDPR & Data Protection Schedule (Supplier as Processor, for new agreements)            
  • GDPR & Data Protection Addendum (Supplier as Processor, for existing agreements)

 Description of Products follows:

GDPR & Data Protection Schedule (Supplier as Processor, for new agreements)

This GDPR & Data Protection Schedule is for inclusion as an additional schedule in new agreements being signed with customers, where the GDPR applies.

The schedule is for use when the Supplier is a ‘processor’ under the GDPR (they are processing personal data on behalf of and on instruction of a ‘controller’). The schedule includes the provisions required to be included in a contract between a ‘Controller’ and a ‘Processor’ under Article 28 of the GDPR.

The schedule also includes the Standard Contractual Clauses – Processor which are required for most ‘Restricted Transfers’. A Restricted Transfer is a transfer of Personal Data outside of the European Union and these Standard Contractual Clauses are required where there is no other adequate protection (such as that the country is an approved jurisdiction).

GDPR & Data Protection Addendum (Supplier as Processor, for existing agreements)

The GDPR requires parties to a contract that was made before the GDPR came into force, to vary that contract to take account of certain requirements of the GDPR.

This GDPR & Data Protection Addendum includes the provisions that need to be included in a contract between a ‘controller’ and a ‘processor’. A processor includes any supplier that is ‘processing’ personal data on behalf of a controller. So, ISVs that provide SaaS products are typically processors and so are professional service providers and managed service providers.

The Addendum also includes the Standard Contractual Clauses – Processor which are often required for ‘Restricted Transfers’. A Restricted Transfer is a transfer of Personal Data outside of the European Union and these Standard Contractual Clauses are required where there is no other adequate protection (such as that the country is an approved jurisdiction).

X

We'll agree a time to suit you

LinkedIn
[powr-form-builder id=1c081b45_1482196805]