3rd Party Contracts – Guidance for Social Care Providers

April 24th 2019

Social Care Providers are data controllers in data protection law. This is because care providers choose how and why they process data and what data they process.

Any organisation which holds, creates or amends data on your behalf is called a data processor. In the GDPR it is a legal requirement that you have a written contract in place with your data processors.

The requirements for contracts between a controller and processor are set out in GDPR Articles 28-36 and Recitals 81-83. The guide, which you can download from below, has been designed to tell you what you need to have in your contracts and there is a checklist on page 2.