The Institute of Practitioners in Advertising (IPA) and Incorporated Society of British Advertisers (ISBA) have created a template clause to be used in client-agency contracts to ensure data protection processes are compliant with General Data Protection Regulation (GDPR).
Ahead of the May 25 deadline, the suggested clause sets out the minimum requirements for compliance on both sides when it comes to the creation of a Data Processing Agreement (DPA) as required by GDPR.
Under the legislation, the EU states that any companies dealing in data will need to have an appropriate agreement in place with any third parties who process that information.
The jointly-created clause is distinct from ISBA's recently-launched media services framework.
The trade bodies teamed up with Lewis Silkin's specialist data protection lawyer Simon Morrissey to draft up the clause, which is intended to be used as a variation addendum for clients and agencies.
There is a 'data light' and 'data heavy' version of the clause, catering for different relationships, which can be used either as a separate agreement or included within an existing client/agency contract.
The clauses are now available to download for all ISBA and IPA members.
Debbie Morrison, director of consultancy and best practice at ISBA said preparing for GDPR is "high up on the agenda" of all ISBA members.
"Working collaboratively with the IPA and a specialist lawyer has ensured that the new suggested clauses we have created will at least help both parties set basic standards and ensure each is fully briefed on expectations and importantly that activities are within the law," she added.
Richard Lindsay, director of legal and public affairs at the IPA highlighted that members of both organisations should be comforted by the knowledge the clases have been prepared by an expert on data protection issues.
"Article 28 GDPR demands that controllers and processors enter into written contracts with certain prescribed terms. These two sets of clauses should meet those requirements," he said.
Last month IAB Europe outlined its own framework for implementing GDPR, inviting publishers, technology vendors, agencies and advertisers to participate.