Consultancy Agreement Gdpr Clause

As a precaution, if the advisory contract imposes detailed and/or restrictive obligations on the advisor, this may indicate a level of control indicating that the advisor is indeed a worker or employee. For the same reason, the clause should not cover employment-related benefits, such as leave entitlement/salary, and specify that the counsellor is not paid for a period during which the services are not provided, for example due to the counsellor`s poor state of health. The data subject is the identified or identifiable living person to whom personal data relate (section 3 (5), DPA 2018). As with the DPA in 1998, an advisor (or the individual to whom advice is provided through a service company) will be a “data subject” and the customer will be a “data controller” within the meaning of the GDPR and the 2018 DPA. Therefore, clients must process the personal data of their consultants in accordance with the GDPR and the DPA 2018. Next month, we will publish the third and final article in the series on the design of consulting contracts. This will focus on common issues related to such agreements, including the impact of IR35, including limiting the advisor`s ability to work elsewhere and restrictive agreements. It is important to include detailed confidentiality clauses in consulting contracts, since, unlike employees, consultants are generally not implicitly required to keep it secret. The company should ensure that the confidentiality rules cover all types of information that it considers confidential and to which the consultant has access.

In the past, consulting contracts may have included clauses where the advisor agrees that the client retains and processes his or her personal data. However, this type of generic consent is no longer as useful under the GDPR, as it can be revoked at any time. However, the company should ensure that the clause does not attempt to prevent the contractor from using information that is part of its own skills, knowledge and experience, unlike trade secrets, for example, as this is not applicable when challenged. There is a small risk that the inclusion of compensation in HMRC`s second point above may indicate, when examining the agreement, that there are doubts as to the employment status of the consultant. However, that risk is outweighed by the economic benefits of such compensation. A compensation provision in the agreement could protect the company against losses resulting from the following losses: depending on the services that the advisor has to provide and, for example, if he exercises the right to appoint an alternate, the consultant may also be either a data processor or a data controller. The consequence of a data processor is that the consultant is subject to additional obligations under the GDPR, which must be reflected in the consulting contract. In particular, the advisor must: according to the GDPR, advisors have rights as data subjects. The company, as data protection officer, must provide the consultants with a data protection declaration indicating the company`s personal data about them, as well as how and why this information is processed. It is a proven method for the consulting contract to refer to this data protection declaration and confirm where to find this statement. It is recommended that the company contain, as far as possible, a clause allowing the consultant to provide at his own expense an approved and duly qualified replacement for the provision of the services in place of the adviser. .

. .