Contract Law

Contact DPP GDPR on 0333 200 5859 for clear GDPR legal advice involving the creation of contracts.

Contract law is a vital element of both the commercial and corporate legal sectors. Solicitors working within this field assist businesses and individuals in:

• The drawing up of a contract or other legal documents
• Providing legal advice about all valid contractual agreements
• Prosecution of individuals or companies who may be guilty of breach of contract
• Defence of individuals or companies accused of breach of contract

The European Union introduced the General Data Protection Regulation (GDPR) in May 2018. As a result, many contracts are now subject to extra requirements involving data.

Now, before a business can have access to private data, there must be a written contract in place. This rule has given rise to GDPR contract law.

Our GDPR solicitors can provide you with legal advice on contracts. Call us today on 0333 200 5859

How our solicitors can help you

Our GDPR contract solicitors offer knowledgeable advice on data protection laws.

Our specialisms include:

• Advising you on the creation of legal documents relating to your adherence to GDPR. These may include data processor agreements
• Helping you to understand your obligations when it comes to GDPR and the Data Protection Act. These may relate to employee data, client data or the data of partner businesses
• Providing advice on the storage and processing of data
• Reviewing and providing guidance on existing GDPR contracts
• Suggesting ways of demonstrating compliance and gaining consent for client data sharing
• Working with your Human Resources department to include references to GDPR in contracts
• Advising you on your use of data for monitoring purposes
• Helping you to handle Data Subject Access Requests
• Helping you to plan your resolution of – and response to – suspected GDPR-related data breaches

Alongside this, our solicitors can provide advice on:

• Technology law
• General contract law
• Regulatory compliance
• Intellectual property law
• Commercial law
• Corporate law

What is a Data Processor Agreement?

If your company is a “data controller”, you may decide to appoint a “data processor”. This individual or organisation will manage the handling of the information you collect.

All your interactions with the data processor should meet the requirements of GDPR and the Data Protection Act.

The processor’s management of all relevant data should also adhere to this legislation.

Our team of legal specialists can help you to draw up a Data Processor Agreement. This would be a contract that covers all aspects of data-related legislation. It will include any legal obligations and how they relate to the role.

How to become GDPR compliant

Following the regulations listed in Article 28 is one of the clearest ways to ensure your company complies with GDPR. It will help you take steps to avoid allegations of breach of agreement or contract by detailing all information your Data Processor Agreement should incorporate.

This includes:

• Details of the legal obligations and rights of the data controller. This includes the controller’s right to audit the processor
• Details of the processor’s explicit duties. This includes the implementation of any necessary technologies and approaches
• An explanation that any action taken by the processor must first be permitted and documented by the controller
• Details of the purpose of the data processing
• Details of the data’s subject matter and type
• An explanation of the reason for the processing
• A list of any relevant categories of data and its subjects
• A clear explanation of how long the processing will take
• An understanding that the processor is required to delete or return all data after processing it

Furthermore, you must never collect data without full consent from its subject. If you receive a Data Subject Access Request, you must provide all the information sought within 40 days.

Any device on which you store data must be completely secure and accessible only by authorised individuals.

Frequently Asked Questions about GDPR contracts

What are the model contract clauses?

The “model contract clauses” are a means of security that recipients of data-based outside of the EU are required to review before that data can be transferred from inside the EU.

Overseas organisations may be required to do this if their local territory has been deemed to have insufficient data protection legislation in place. If the approaches to data protection are considered adequate, they will not be required to review the model contract clauses.

What damages can I claim for a GDPR breach of contract?

You can claim compensation in the form of material and non-material damage for a data breach that compromises your personal data.

You may claim material damage if the breach in question has led to a financial loss, and non-material damage if you can prove that the breach has resulted in significant distress.

What damages can I claim for a GDPR breach of contract?

Depending on the type and severity of the breach – and taking into account your company’s history of GDPR compliance – if you commit a breach of contract related to GDPR, you and your organization may face:

• Investigations and audits
• Data processing bans or restrictions (either temporary or permanent)
• Official warnings
• Orders to rectify existing issues
• Bans on the transfer of data to third parties or other countries

A fine of whichever amount is highest – 2% of your annual revenue or €10 million for more minor breaches, or 4% of your annual revenue or €20 million for serious matters. These figures represent the largest possible penalties in each field.

Whether you need assistance in drawing up a contract or legal representation following a breach – contact our specialist GDPR contract solicitors today on 0333 200 5859