I was umming and ah’ing about asking this question because I thought I should know it! But I hold my hands up and admit. I am struggling!! Under Article 28 we would need to have a Data Processing Agreement if we engaged with a TP who’d be processing PID on our behalf. Simple enough. However, it turns out the TP is not a “Processor” but will be providing substantive staff to (no. of clinicians) to conduct 3 services. The PID won’t leave our Trust. They will be bound by our confidentiality polices and procedures etc. Will a contract of employment suffice?