Drafting Vendor Agreements to Comply With EU GDPR: Steps to Take Now

The 2018 GDPR expands the application of EU data protection law by requiring U.S. companies that maintain personal data on European citizens to comply with certain data protection requirements. According to a recent PwC survey, more than half of U.S. multinationals have identified the GDPR as their top data protection priority. Failure to comply with GDPR may cost businesses not only steep fines, but also significant risk to reputation and loss of customer goodwill.

Counsel to U.S. businesses and technology vendors must also determine if their clients' vendor agreements are subject to the GDPR. If so, counsel should guide their clients in carefully evaluating and amending the contracts to ensure they are in line with the new data protection standards.

Counsel should especially strengthen the terms of the vendor agreements addressing liability and indemnity given the potentially significant sanctions for noncompliance with the GDPR.

Listen as our authoritative panel explains the critical requirements of the GDPR and steps companies and their counsel should take to ensure that their business practices and vendor contracts are compliant.

1. GDPR features
   1. Broader application
   2. Increased penalties
   3. Rights of data subjects
   4. Consent
   5. Breach notification
   6. Direct application to data processors
   7. Data protection authorities
   8. Cross-border data transfers
2. Determining when GDPR applies to a U.S. company's practices
3. Performing due diligence on existing technology-vendor agreements for GDPR compliance
4. Drafting new technology vendor contracts or amending existing contracts—language to include

The panel will review these and other high priority issues:

• Key features of the GDPR
• How to determine if a business is subject to the GDPR
• Steps companies and their counsel should take immediately to ensure technology vendor agreements comply with the GDPR