You are here:

Last updated on 28 March 2018
Ref: 34452
School types: All · School phases: All

Your contracts with third parties which process personal data on your behalf must cover new points to be GDPR-compliant. Download our checklist to make sure your contracts address the new rules, and send our template letter to carry out the required due diligence on your suppliers.

Article tools


  1. Check and update relevant contracts
  2. Carry out due diligence on suppliers
  3. Suppliers might respond with a privacy notice
  4. You don’t need to make the same checks for data controllers

The Key has taken great care in publishing this article. However, some of the article's content and information may come from or link to third party sources whose quality, relevance, accuracy, completeness, currency and reliability we do not guarantee. Accordingly, we will not be held liable for any use of or reliance placed on this article's content or the links or downloads it provides. This article may contain information sourced from public sector bodies and licensed under the Open Government Licence.