Data Protection Clauses in Commercial Contracts - The Key Issues & Best Practice

Introduction

Any commercial contract that involves a transfer of personal data between the parties needs to contain a series of clear data protection clauses. In some cases, the basic content will be mandated by the UK GDPR but there is still a considerable amount of flexibility for parties when negotiating the most favourable terms from their own perspectives.

This webinar reviews the key issues and a series of potential clauses together with suggested amendments which would be appropriate from the competing perspectives of the parties.

What You Will Learn

This webinar will cover the following:

• Key Concepts
• Definitions of ‘controller’, ‘joint controller’, and ‘processor’
• Different types of contracts - controller to controller; joint controllers; controller to processor
• Common clauses - definitions; status of the parties; compliance with applicable legislation
• Joint controllers - mandatory content
• Controller to Processor Agreements
• Mandatory content
• Sub-processing
• Audit rights
• Security requirements
• Breach reporting requirements
• Dealing with data subjects’ requests
• Indemnities

This pre-recorded webinar will be available to view from Tuesday 9th June 2026

Alternatively, you can gain access to this webinar and 2,100+ others via the MBL Webinar Subscription. Please email webinarsubscription@mblseminars.com for more details.