UK GDPR, controllers, joint controllers and data processing agreements

Available from: 22/07/2024

Determining whether a contracting party is a Controller, Processor or Joint Controller is one of the most confusing aspects of compliance with the UK GDPR. Primary responsibility for compliance rests with the Controller and therefore it is imperative to clearly identify the status of each party at the outset of the relationship.

In addition, article 28(3) of the UK GDPR states that controller to processor agreements, otherwise known as data processing agreements, must contain certain specific content albeit this is often the subject of detailed negotiation.

This webinar deals with both of these issues via a series of case studies and review of key contract clauses.

Key topics for discussion will include:


  • definitions of Controller, Processor and Joint Controller
  • review of case studies

Contractual relationships and key clauses

  • Controller – Controller agreements
  • Joint Controller agreements
  • Controller – Processor agreements

Data Processing Agreements – mandatory content – Article 28(3) UK GDPR

  • Documented instructions
  • Appropriate technical and organisational measures
  • Provision of assistance to the controller
  • Deletion or return of information on termination
  • Audit rights
  • Confidentiality obligations

Liability of the parties

  • liability for ICO enforcement action
  • liability for compensation arising from a breach of the legislation              


Members:  £127.00

Non members:  £175.00

Sole practitioner:  £88.00

All prices ex-VAT

Save £££s with membership and pre-paid bundle credits

Have a bundle?

Contact us directly to book using
your pre-paid bundle credit.

01904 653 550
Loading animation