IPA and ISBA draw up GDPR clause for client-agency contracts

Under the legislation, the EU states that any companies dealing in data will need to have an appropriate agreement in place with any third parties who process that information.

The jointly-created clause is distinct from ISBA's recently-launched media services framework.

The trade bodies teamed up with Lewis Silkin's specialist data protection lawyer Simon Morrissey to draft up the clause, which is intended to be used as a variation addendum for clients and agencies.

There is a 'data light' and 'data heavy' version of the clause, catering for different relationships, which can be used either as a separate agreement or included within an existing client/agency contract.

The clauses are now available to download for all ISBA and IPA members.

Debbie Morrison, director of consultancy and best practice at ISBA said preparing for GDPR is "high up on the agenda" of all ISBA members.

"Working collaboratively with the IPA and a specialist lawyer has ensured that the new suggested clauses we have created will at least help both parties set basic standards and ensure each is fully briefed on expectations and importantly that activities are within the law," she added.

Richard Lindsay, director of legal and public affairs at the IPA highlighted that members of both organisations should be comforted by the knowledge the clases have been prepared by an expert on data protection issues.

"Article 28 GDPR demands that controllers and processors enter into written contracts with certain prescribed terms. These two sets of clauses should meet those requirements," he said.

Last month IAB Europe outlined its own framework for implementing GDPR, inviting publishers, technology vendors, agencies and advertisers to participate.