When the University employs a third party to provide a service on its behalf that involves the disclosure and use of personal data as part of the service (for example a consultant, mailing company, software provider, data hosting or analysing service, or other service provider that handles the University's personal data on its behalf), the University must have a written contract (data processing agreement) in place to ensure that such personal data is appropriately protected. GDPR makes specific requirements around the content of such agreements.
The University's template data processing agreement is available here:
Data Processing Agreement (Office document, 92kB)
The Information Governance Team also have other template data processing agreements that may be suitable for use in some circumstances, including a short-form agreement.
Please contact the Information Governance Team if you require any advice in relation to the use or introduction of data processing agreements.