Data Processing Agreements: Understanding the Pain Points, Negotiating Key Terms, Ensuring Regulatory Compliance

Breaking Down What a DPA Is, How it Works, and Why All Businesses Need Them

Recording of a 90-minute CLE video webinar with Q&A

This program is included with the Strafford CLE Pass.
This program is included with the Strafford All-Access Pass.

Conducted on Tuesday, December 17, 2024

This CLE webinar will guide corporate and technology counsel in negotiating data processing agreements (DPAs). DPAs are an essential but often overlooked part of data security for businesses. The panel will break down the pain points when negotiating DPAs and provide compromise tips to help ensure a path to execution.

Description

It's hard to imagine a business today that doesn't need a DPA--or rather several such contracts--to cover data-processing activities outsourced to web hosting, cloud storage, customer relationship management, and a roster of other service providers. Generally, under California's Consumer Privacy Protection Act, and other states' data privacy laws, if you're processing the personal data of individuals, you must have a DPA. Failure to comply with these requirements can result in significant penalties.

A DPA is a contract between the company that needs personal data to be processed (the data controller) and the company that processes data on behalf of other companies (the data processor). A DPA establishes the roles and responsibilities of both the data processor and the data controller, and it sets out the terms under which data will be processed. The problem is that DPA templates, whether provided by a data controller or a data processor, rarely stick to the bare bones of what the relevant laws require. Thus, negotiating various nonessential terms can greatly prolong the path to execution.

Listen as our authoritative panel breaks down best practices for drafting effective and compliant DPAs, and how to work through the pain points of negotiating the nonessential terms. The panel will also provide tips for compromising on various terms from the perspective of both the data processor and the data controller.

Outline

  1. Purpose of a DPA
  2. When is a DPA required
  3. Compliance with regulatory requirements
    1. CCPA
    2. Other U.S. states that have laws governing DPAs
  4. Penalties for noncompliance
  5. Negotiating key terms of a DPA
    1. Limitation of liability
    2. Use of subprocessors
    3. Security measures
    4. Responding to data breaches
    5. Audit rights

Benefits

The panel will review these and other relevant issues:

  • Which data protection laws require DPAs?
  • What are the required terms of a DPA?
  • What are the privacy and security considerations for DPAs?
  • What are the key considerations, and what should you watch out for, when signing a DPA?
  • Do processors have to sign a DPA with their subprocessors?
  • What are the top pain points when negotiating DPAs, and what are some key compromise tips?
  • What are the penalties for noncompliance with the DPA requirements of the CCPA, and other states' privacy laws?

Faculty

Leighton B.R. Allen

Associate
Foley & Lardner

Mr. Allen negotiates favorable commercial contracts for organizations in the areas of software as a service (SaaS)...

Susan L. Ross

Senior Counsel
Norton Rose Fulbright US

Ms. Ross’ practice focused on technology and U.S. privacy matters. Her extensive experience with technology and...

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.