Data protection negotiation guide—controller: processor—deletion and return of data at the end of the processing

Published by a LexisNexis Information Law expert
Practice notes

Data protection negotiation guide—controller: processor—deletion and return of data at the end of the processing

Published by a LexisNexis Information Law expert

Practice notes
imgtext

This Practice Note forms part of the data protection Negotiation Guide (Guide). This part of the Guide addresses the negotiation of provisions relating to deletion and return of personal data at the end of the processing in agreements between controllers and processors subject to the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR).

For an introduction to the Guide, see Practice Note: Data protection negotiation guide—controller: processor—introduction. This Practice Note utilises a number of common abbreviations. They are separately defined within the above introduction.

As explained in Practice Note: Data protection negotiation guide—controller: processor—introduction:

  1. the parties have commercial flexibility to allocate the costs and expenses of performing these obligations between themselves

  2. there are significant similarities between the UK GDPR and the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) and the Guide focuses on the position under the UK GDPR. For information about the background to the UK GDPR and its relationship with the EU GDPR, see Practice Note:

Powered by Lexis+®
Jurisdiction(s):
United Kingdom
Key definition:
Data protection definition
What does Data protection mean?

In an employment context, this refers to the obligation on an employer to protect the data of its employees and ensure that it complies with the law on how it uses the employees' data.

Popular documents