Documents‎ > ‎

Information Processing Agreement (IPA)


This Information Processing Agreement (IPA) sets out the conditions upon which PKB with process Personal Data under contract to a health care provider. PKB is a Data Processor and the health care provider is the Data Controller. The IPA details the Scope and Purpose for Processing (Clause 3), sets forth obligations for Compliance with Data Protection Laws (Clause 2) and clarifies the position both parties will take to ensure The Rights of Data Subjects are met (Clause 5).

This IPA is similar to most health care providers' local IPA. The PKB IPA references specific requirements and obligations placed upon each party as signatories to the agreement. One area that may differ from the health providers’ local IPA is Data Retention and Deletion (Clause 9). PKB will retain all data processed under this agreement based on the Retention Schedule detailed in Appendix 3 of the Records Management Code of Practice, Health and Social Care 2016.

As part of this processing agreement, the obligations placed upon each party are clearly defined and carefully mapped to prevailing Data Protection legislation. Personal Data Breaches and Reporting Procedures are defined in Clause 11. Complaints by Data Subjects or Investigations by the Data Protection Authority are clarified in Clause 13.

Schedules 3 and 4 of the IPA describe the Security Measures and Information Security Controls that PKB will warrant as a signatory to this agreement.