Brussels partner Paul Van den Bulck authored an article published Sept. 20 in L’Echo, a Belgian business newspaper, about upcoming requirements governing information technology outsourcing contracts in the European Union.
In the article, Van den Bulck walked readers through several key points that will warrant attention by contracting parties after the EU’s General Regulations on the Protection of Personal Data (GDPR) take effect in May 2018.
Van den Bulck noted that the primary duty of the contracting authority, or person responsible for processing personal data, is the choice of a subcontractor who offers sufficient guarantees regarding technical and organization measures that meet GDPR requirements and the protection of the rights of individuals whose data is being processed.
“This obligation goes beyond the choice of the main subcontractor,” he wrote. “The contracting authority must also approve, in accordance with various mechanisms provided for by the GDPR, the chain of other providers to whom its main subcontractor may appeal.”
Van den Bulck focuses his practice at McGuireWoods on IT, data privacy and security, intellectual property, media and entertainment and fair trade practices.