Drafting Vendor Agreements to Comply With EU GDPR: Steps to Take Now

Recording of a 90-minute CLE webinar with Q&A


Conducted on Thursday, January 31, 2019

Recorded event now available


This CLE course will guide business and technology counsel in drafting or updating technology vendor agreements to meet the data protection and privacy requirements of the 2018 EU General Data Protection Regulation (GDPR). The panel will discuss how to determine whether the GDPR applies to a U.S. business, due diligence tactics for evaluating existing technology vendor agreements, and language that should be incorporated in contracts to ensure compliance.


The 2018 GDPR expands the application of EU data protection law by requiring U.S. companies that maintain personal data on European citizens to comply with certain data protection requirements. According to a recent PwC survey, more than half of U.S. multinationals have identified the GDPR as their top data protection priority. Failure to comply with the GDPR may expose businesses not only to steep fines, but also to significant reputational risk and loss of customer goodwill.

Counsel to U.S. businesses and technology vendors must also determine if their clients' vendor agreements are subject to the GDPR. If so, counsel should guide their clients in carefully evaluating and amending the contracts to ensure they are in line with the new data protection standards.

Counsel should especially strengthen the terms of the vendor agreements addressing liability and indemnity given the potentially significant sanctions for noncompliance with the GDPR.

Listen as our authoritative panel explains the critical requirements of the GDPR and steps companies and their counsel should take to ensure that their business practices and vendor contracts are compliant.



  1. GDPR features
    1. Broader application
    2. Increased penalties
    3. Rights of data subjects
    4. Consent
    5. Breach notification
    6. Direct application to data processors
    7. Data protection authorities
    8. Cross-border data transfers
  2. Determining when GDPR applies to a U.S. company's practices
  3. Performing due diligence on existing technology-vendor agreements for GDPR compliance
  4. Drafting new technology vendor contracts or amending existing contracts—language to include


The panel will review these and other high priority issues:

  • Key features of the GDPR
  • How to determine if a business is subject to the GDPR
  • Steps companies and their counsel should take immediately to ensure technology vendor agreements comply with the GDPR


Diletta De Cicco

Mayer Brown

Ms. De Cicco’s practice focuses on privacy and cyber security. She advises clients regarding a wide range of...

William Long

Sidley Austin

Mr. Long advises international clients on a variety of social media, data protection, privacy, information security,...

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.
