In the draft guidance on contracts and liabilities - which is open for consultation - the regulator said some existing contracts may need to be updated to reflect the new requirements, although it has yet to provide any detail about how this might be achieved.
"Any contracts in place on 25 May 2018 will need to meet the new GDPR requirements," the ICO said. "You should therefore check your existing contracts to make sure they contain all the required elements. If they don’t, you should get new contracts drafted and signed. You should review all template contracts you use.
"It would also be prudent to make sure that your processor understands the reasons for the changes and the new obligations that the GDPR puts on it. Your processor should understand that it may be subject to an administrative fine or other sanction if it does not comply with its obligations."
But data protection law expert Marc Dautlich of Pinsent Masons said that the onus is on the European Commission and data protection authorities, like the ICO, to establish new standard clause contracts to help businesses comply with the new requirements.
He added: "It is notable that no codes of conduct or certification schemes are yet available that could help provide assurances of compliance. There are excellent opportunities for trade associations to develop and explore the potential of these mechanisms to build trust and compliance in their industry."
The ICO's consultation on the draft guidance is open until October 10.