The General Data Protection Regulation (GDPR) and Data Protection Act 2018 came into force on 25 May 2018.
All new CPC Framework’s include new data protection clauses, so that our contracts comply with the GDPR and the new Data Protection Act.
We have taken a risk based prioritisation approach to implementing GDPR into our frameworks and contracts:
View the High Risk CPC Frameworks and Suppliers (opens in new window).
For existing CPC framework contracts you should follow the variations to Call-Off T&Cs and variation guidance documentation available to download at the foot of this page.
As CPC is not a party to the contract between the Member and the Supplier, Members will be responsible for issuing the variation to make these changes into any of your call-off contracts involving the processing of personal data.
Members will be able to use the GDPR clauses to update their own Terms and Conditions or update their own Call-Off Terms and Conditions as necessary.
The call-off Deed of Variation Guidance, the proposed Deed of variation and the GDPR clauses are for use within your own institutions Terms and Conditions, which you may want to start sending to your high-risk suppliers.
You should only send this Deed of variation if you initially contracted using the proposed call-off terms and conditions template supplied by the consortium.
You should also check that the Clause numbering in the variation matches your original contract, so that Clause 29 in the original contract is the section covering Data Protection. If not, you will need to amend accordingly.
We will soon advise the agreements and suppliers and confirm the revised Call-Off T&Cs and variation guidance and framework T&Cs are available.
Yes, they are under a duty to comply with law, and the GDPR requires them to insert these provisions.
|Guidance Documents (last updated 11.04.18)|
|Download all guidance files|