I have a data processor who had asked my business as controller to complete their Controller-to-Processor agreements for GDPR compliance. One clause states that they will appoint a sub-processor if they choose without my consent. Under Article 28 (2) it states that a sub-processor cannot be appointed without explicit consent of the controller.
Now the agreement was signed by the previous business owner and this has just been noticed by myself - i'm also not happy with them as a business. My question is whether this clause invalidates the contract under 'Performance of contract' because it's against what companies are obligated to do under GDPR. I hope that makes sense.
Some help would be appreciated by someone with contract experience as i don't want to play this wrongly.
Now the agreement was signed by the previous business owner and this has just been noticed by myself - i'm also not happy with them as a business. My question is whether this clause invalidates the contract under 'Performance of contract' because it's against what companies are obligated to do under GDPR. I hope that makes sense.
Some help would be appreciated by someone with contract experience as i don't want to play this wrongly.
Comment