UK’s Information Commissioner’s Office provides guidance and checklists on contracts between controllers and processors unedr GDPR.
The GDPR makes written contracts between controllers and processors a general requirement, rather than just a way of demonstrating compliance with the seventh data protection principle (appropriate security measures) under the DPA. These contracts must now include certain specific terms, as a minimum.