Mastering Data Processing Agreements - Drafting, Negotiating & Mitigating Risk

Introduction

The GDPR and UK GDPR require data controllers to put in place a data processing agreement with their data processors that addresses certain baseline requirements, but there is no one standard template and many organisations will seek to impose their own DPA, the terms of which may be disadvantageous to the other party.

Failing to put in place an appropriate agreement can not only expose your organisation to significant liability in the event of a data breach or unlawful processing of personal data, and adversely impact your ability to put things right, but also to regulatory investigation and penalties of up to 2% of annual global turnover.

Understand the requirements of a compliant data processing agreement, improve your understanding of the implications of provisions in data processing agreements and the associated risks and identify when and how you can achieve a better outcome for your organisation when drafting and negotiating data processing agreements, with practical advice on your options for revising or incorporating new contractual provisions.

You should attend this session if you draft, review, negotiate or audit data processing agreements and want to gain a better understanding of market standard practice and your options for tailoring data processing agreements according to their risk profile to better protect your organisation.

What You Will Learn

This live and interactive course will cover the following:

• Your obligations when selecting a data processor, the requirements data processors must fulfil and how you can build these into your data processing agreement
• The mandatory requirements of a data processing agreement to comply with the requirements of the GDPR and UK GDPR
• The types of data processing agreement and the interaction between data processing agreements and broader contracts
• Market standard provisions in data processing agreements by reference to common suppliers’ terms and the associated risks
• The preparation and analysis of a template data processing agreement
• Risk-based options for negotiating provisions within data processing agreements, with controller and processor friendly approaches, including:
• Security measures
• Co-operation in relation to conducting a data protection impact assessment
• Appointing sub-processors
• Transferring personal data to third countries and co-operation in relation to conducting a data transfer impact assessment
• Co-operation in relation to data subject rights
• Notification obligations in relation to incidents and data breaches
• Data retention and destruction.
• Further provisions you should consider including in your data processing agreements to minimise your risk, including in relation to liability in the event of a data breach or unlawful processing and insurance requirements.

Recording of live sessions: Soon after the Learn Live session has taken place you will be able to go back and access the recording - should you wish to revisit the material discussed.