Vendor Agreements and the New EU GDPR—Steps to Take Now

Complying With the EU General Data Protection and Privacy Regulation

Recording of a 90-minute CLE webinar with Q&A

Conducted on Tuesday, January 30, 2018

Recorded event now available

or call 1-800-926-7926
Program Materials

This CLE webinar will provide guidance to business and technology counsel for drafting or updating technology vendor agreements to meet the data protection and privacy requirements of the new EU General Data Protection Regulation (GDPR), which becomes effective in May 2018. The panel will discuss how to determine whether the GDPR applies to a U.S. business, due diligence tactics for evaluating existing technology vendor agreements, and language that should be incorporated in contracts to ensure compliance.


The new GDPR, effective May 2018, significantly expands the application of EU data protection law by requiring U.S. companies that maintain personal data on European citizens to comply with certain data protection requirements. According to a recent PwC survey, more than half of U.S. multinationals have identified the GDPR as their top data protection priority. Failure to comply with GDPR may cost businesses up to 4% of their global revenues in fines.

Counsel to U.S. businesses and technology vendors must immediately determine if their clients’ vendor agreements are subject to the requirements of the GDPR. If so, counsel should guide their clients in carefully evaluating and amending the contracts to ensure they are in line with the new data protection standards.

Counsel should especially consider strengthening the terms of the vendor agreements addressing liability and indemnity in light of the potential for significant sanctions for noncompliance with the GDPR.

Listen as our authoritative panel explains the key requirements of the GDPR and steps companies and their counsel should take in advance of the May 2018 effective date of the expanded data protection law to ensure that their vendor contracts are in compliance.



  1. GDPR—key features
    1. Broader application
    2. Increased penalties
    3. Rights of data subjects
    4. Consent
    5. Breach notification
    6. Direct application to data processors
    7. Data protection authorities
    8. Cross-border data transfers
  2. Determining if the GDPR applies to a U.S. business
  3. Performing due diligence on existing technology vendor agreements for GDPR compliance
  4. Drafting new technology vendor contracts or amending existing contracts—key language to include


The panel will review these and other key issues:

  • Key features of the new GDPR
  • How to determine if a business is subject to the GDPR
  • Steps companies and their counsel should take immediately to ensure technology vendor agreements comply with the GDPR


Long, William
William Long

Sidley Austin

Mr. Long advises international clients on a variety of social media, data protection, privacy, information security,...  |  Read More

Shen, Lei
Lei Shen

Mayer Brown

Ms. Shen practices in the firm’s Cybersecurity & Data Privacy and Technology Transactions Groups. She focuses...  |  Read More

Other Formats
— Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include program handouts. To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video