Revised PPN on changes to data protection legislation

On 18 May 2018, the Crown Commercial Service (CCS) published PPN 02/18 for contracting authorities in England and Wales.  PPN 02/18 updates and replaces PPN 03/17, and contains enhanced guidance and clarification in a number of key areas relating to data protection, as follows: controllers and processors contract liabilities joint controllers crown to crown data agreements expired/legacy contracts protective measures enhancements to the standard generic clauses in Annex A For any contract amendments yet to be agreed and for new contracts to be let after May 25, the PPN states that contracting authorities ‘should use the provisions of this PPN including the updated standard generic clauses at Annex A’.  For contracts that ‘concern law enforcement processing, amendments should take effect from the date that the Data Protection Bill comes into force.’  The Data Protection Bill received Royal Assent on 23 May 2018 and became the Data Protection Act 2018. On 24 May 2018, the Data Protection Act 2018 (Commencement No 1 and Transitional and Saving Provisions) Regulations 2018 (SI 2018/625) were made.  These regulations set out the dates that various provisions in the Act will come into force. 

CCS publishes GDPR customer toolkit

On 13 April 2018, the Crown Commercial Service (CCS) published the GDPR Customer Toolkit Guidance (Toolkit). The Toolkit is aimed at customers of CCS (i.e.  those public bodies currently using CCS commercial agreements) and is intended to aid buyers in making the necessary changes to CCS call-offs (and other contracts) to comply with GDPR. However, it provides useful general guidance for all organisations processing personal data, together with steps to be taken by them. The toolkit includes: a contract change notice to reflect new data protection laws a Schedule for Processing, Personal Data and Data Subjects example terms and conditions to be adapted by the buyer i.e. variation to the framework agreement The Government has already issued procurement policy guidance on GDPR, setting out what the new specific terms are and how they should be used in public sector contracts.  This is contained in the  Procurement Policy Note (PPN) 03/17, which was published in December 2017.

Practical contracting – memoranda of understanding, etc

From time to time, the service is consulted about the application and interpretation of documents of a preliminary nature to a contract, such as memoranda of understanding.  Generally, these will be employed where a formal contract is anticipated, but the parties may not wish, or be in a position, yet to enter into a detailed and binding commitment. Each document requires to be considered in the light of the relevant circumstances, which will vary from one arrangement to another.  There are certain general considerations, however, that should be borne in mind when dealing with such matters – as follows: Terminology – various terms are used to describe the documents, such as memoranda of understanding, letters of intent, heads of agreement, terms sheets.  The use of one of these titles may reflect the practice of a particular sector or party.  They have no particular legal significance or meaning, however, and are not conclusive of the legal effect of the document, which will depend ultimately on the assessment by a court of the contents and other relevant evidence. Uncertainty – in particular, the legal status of such documents – ie whether or not they are of a binding nature – can be uncertain.  Accordingly, we recommend that any such document should clarify the intentions of the parties in this regard. Ancillary provisions Read Full Article…

CCS guidance on GDPR and DPA 2018

On 7 February 2018, the Crown Commercial Service (CCS) published a correction to Procurement Policy Note 03/17 (PPN) published on 19 December 2017. As reported in issue 88 of this newsletter, the PPN contains guidance on how existing and new contracts can be brought into line with the requirements in the EU General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA 2018), which will come into force on 25 May.  The PPN includes a set of standard generic terms and conditions covering GDPR that can be added into relevant contracts. The correction is regarding an error in clause 1.13 which was corrected on 17 January 2018 to reinstate the control of the Customer.  This clause now states: ‘The Customer may, at any time on not less than 30 Working Days’ notice, revise this clause by replacing it with any applicable controller to processor standard clauses or similar terms forming part of an applicable certification scheme (which shall apply when incorporated by attachment to this Agreement).’ Although in-scope organisations are restricted to central government departments, their executive agencies and non-departmental public bodies, the guidance observes that other public bodies are subject to the new data protection legislation and may wish to apply the approach set out in the PPN 03/17.

Can a contracting authority allow a tender to be corrected after the tender deadline?

Although the case is Scottish, and decided under the Scottish regulations, the decision is of interest to all procurement professionals for the way it applies the EU principles of proportionality and equal treatment. The Court considered several authorities on tender errors and clarifications. For contracting authorities, this case highlights the perils associated with exercising flexibility in applying their own specified instructions to tenders in terms of the principles of proportionality and equal treatment. Read Full Article…