Engaging processors

Read our detailed guidance to help you comply with the Law when you are using third parties to do certain tasks with people’s data.
Whether you are a small company or a large global organisation, you may decide to engage another party to help you or carry out some tasks on your behalf.

These third parties (known as 'processors') can be pivotal to ensuring that you operate as effectively and efficiently as possible. However, where you do engage other parties to carry out work on your behalf, you need to understand the steps that must be taken to ensure compliance with the Law

Examples of these types of relationships could include:
  • Outsourcing the administration of payroll and HR functions 
  • Outsourcing day-to-day IT functions to a specialist provider 
  • Outsourcing the business development and marketing operations 
  • Outsourcing work to a group entity

Where you appoint a processor to carry out work on your behalf, the Law requires you (as the controller) to ensure that
  • sufficient guarantees that reasonable technical and organisational measures will be established and carried out by the processor are obtained to ensure that the processing meets the requirements of the Law and will safeguard data subject rights. 
  • a legally binding contract, in compliance with the Law, is put in place between you and the processor.
Please refer to our suite of processor guidance resources below, to help you understand and comply with the legal requirements.