Drafting Vendor Agreements to Comply With CPRA, CCPA, and GDPR Requirements: New Standard Clauses
Privacy Enforcement Authority, Compliance, and Accountability Standards; Sensitive Personal Information
Recording of a 90-minute CLE video webinar with Q&A
This CLE webinar will guide business and technology counsel on drafting and updating technology vendor agreements to meet the privacy requirements of the California Privacy Rights Act (CPRA). The panel will discuss the evolving privacy landscape and provide practical advice to ensure that businesses abide by the stricter protections for consumers by reviewing requirements for compliance, differences in the scope of application with the California Consumer Privacy Act (CCPA) and the EU General Data Protection Regulation (GDRP) new standard clauses, and due diligence tactics for evaluating existing technology vendor agreements.
Outline
- History of CPRA/CCPA/GDPR
- Changes in CPRA
- New criteria for which businesses are regulated
- The new category of "sensitive personal information"
- New and expanded consumer privacy rights
- Creation of a new privacy enforcement authority
- Performing due diligence on existing vendor agreements for CPRA compliance
- Drafting new vendor contracts or amending existing contracts: language to include
- Tips for implementing an effective vendor risk management program
Benefits
The panel will review these and other relevant topics:
- What are the major expansions of privacy regulations under CPRA?
- What are the key features of CPRA as it relates to vendor relationships and risk exposure?
- How does one determine if a business is subject to CPRA and what constitutes "sensitive personal information"?
- What are steps companies and their counsel should take immediately to ensure vendor agreements comply with CCPA?
- What effect will the California privacy enforcement authority have on compliance with CPRA?
- How have GDPR principles been incorporated into CPRA?
Faculty

Aaron J. Burstein
Partner
Kelley Drye & Warren
Mr. Burstein provides legal advice on privacy, information security, and marketing laws and best practices, including... | Read More
Mr. Burstein provides legal advice on privacy, information security, and marketing laws and best practices, including compliance with federal and state laws throughout the U.S. As regulations such as the California Consumer Privacy Act (CCPA) bring significant changes to the legal landscape, he helps clients evolve their business practices to manage risk. In addition to counselling clients on the privacy and security issues that come up in the course of day-to-day business, Mr. Burstein also advises clients on legislative and regulatory developments affecting cutting-edge technologies such as drones and connected vehicles.
Close
Malcolm Dowden
Partner
Squire Patton Boggs
Mr. Dowden has more than 25 years’ experience advising UK and international clients on a wide range of... | Read More
Mr. Dowden has more than 25 years’ experience advising UK and international clients on a wide range of technology, data protection, privacy and electronic communications issues. He has a particular focus on planning and implementing cross-border data and privacy law compliance strategies. Mr. Dowden’s experience covers EU GDPR, UK GDPR and (through liaison with local counsel) Dubai International Financial Centre (DIFC), Abu Dhabi Global Market (ADGM), Singapore, Kenya, South Africa and India. He also regularly advises businesses and government bodies on the contractual, technical and organisational measures required to support international transfers of personal data following the European Court of Justice (ECJ) ruling in Schrems II.
Close
Niloufar Massachi
Attorney
Squire Patton Boggs
Ms. Massachi is an associate in the Data Privacy, Cybersecurity & Digital Assets Practice. She focuses her practice... | Read More
Ms. Massachi is an associate in the Data Privacy, Cybersecurity & Digital Assets Practice. She focuses her practice on data privacy and protection, technology transactions, advertising, sales and digital media practices, cybersecurity, and consumer protection law.
Close