Contacts & Complex Relationships

Hosted by Oliver Rear and David Holmes, featuring Jason Ellis.

purple data protection podcast icon

Trouble in Paradise – Contracts & Complex Relationships

Our hosts David Holmes and Oliver Rear will be joined by special guest Jason Ellis, Data Protection Officer from Azets who has extensive experience working as a DPO in the Financial Sector. Together the trio will discuss contracts and complex relationships between controllers and processors. If you would like to join us on future episodes of the data protection made easy podcast, visit our events page and sign up for one of the amazing sessions we have on the horizon. If you would like to discuss more contacts and complex relationships with our experts, visit our service page and get in touch today!

In this week’s discussion we cover the following:

  • Complex Relationships and making the determination:
    • Within a group:
      • Which entities are controllers in a complex ownership structure involving hundreds of legal entities?
        • Which of them employ staff?
        • Which of them are just “holding companies?
        • What about Licensed Insolvency Practitioners?The challenge of remaining compliant when Merger and Acquisition is a constant norm, not just once in a lifetime.
    • With customers:
      • Controller or processor when delivering services – with particular focus on payroll bureau services.
        Controller or processor, qualified accountant or bookkeeper, where is the boundary?
      • As a segue to talking about contracts, within the context of complex relationships:
      • EU representatives and UK representatives.
        Depending on time we might also talk about the below but we might struggle to fit them in:
      • Outsourcing, offshoring and nearshoring. The challenge when the supplier is in a “third country”
        Employees wishing to work permanently from home, but in a foreign country, possibly a “third country”
  • Contracts:
    • Issues with “domestic” contracts (or at least contracts where internationalisation is not an issue:
      • How to align Letters of Engagement, Data Processing Agreements and Data Sharing Agreements without causing contradictions.
      • How to write appropriate contracts for software distribution and licensing when a group company owns the software IP but is used by thousands of clients and employees of the business.
    • Moving between domestic and international:
      • Intra-group data sharing agreements and SCCs, mainly when one entity is in the UK and the remainder are in the EU.
    • International contracts:
      • Impact of Brexit on contractual definitions in cross-border contracts.
    • To close the loop we can go from the complexity of the above to the overall challenge of managing processors:
      • How to keep the Register of Processors updated when new processors are added almost daily. The importance of thorough vendor due diligence.

We will be returning next week with an episode of GDPR Radio, a collaborative and interactive event where we join our growing community to discuss the news of the week from the world of data protection. Sign up here.