Liability and indemnity provisions in contracts in light of the GDPR

Controllers often demand that processors accept unlimited liability, but may be surprised to find themselves in trouble if the processor becomes insolvent. By Victoria Hordern of Bates Wells.

Knowing what your liability could be in any given situation is pretty important for any organisation to be able to operate effectively. When two parties enter into a contract, the liability provisions can be keenly negotiated over. Getting a liability provision wrong can be calamitous and expensive. In the world of UK data protection law, organisations face at least three potential areas of liability – fines from the Information Commissioner (ICO), compensation claims from individuals who have suffered damage (including class actions), and being sued for breach of contract when there has been a failure to comply with contractual provisions. Of course, there are other actions the ICO could take which will have a serious impact on an organisation(1) and it could suffer irreparable reputational damage due to its failure to comply with the GDPR(2) in circumstances where ­contractual clauses offer no protection.

Continue reading

UK Report subscribers please login to access the full article.

If you wish to subscribe please see our subscription information.