Data Protection Contract Management
Practical guidelines on how to evaluate, negotiate and draft data protection agreements/clauses under the EU General Data Protection Regulation (GDPR).
Gijs van Dijck, Professor of Private Law, Maastricht University
Paolo Balboni, Professor of Privacy Law, Maastricht University
In this course data protection implications of the most common IT contracts are analysed, relevant parties' duties and obligations are identified, and guidance on how to correctly deal with them in the related data protection agreements/clauses is provided.
The following questions are addressed:
- How is an IT contract commonly structured?
- Which are the data protection implications of the IT services analysed?
- Actors, roles and responsibilities: who is involved and who is responsible for what?
- Should you conduct a preliminary Data Protection Impact Assessment?
- How to determine the appropriate technical and organisational measures to ensure a level of security appropriate to the risk?
- How to comply with the principles of Data Protection by Design and by Default?
- Who should keep the record of processing activities and how?
- How to deal with possible personal data breaches?
- How to identify issues in IT contracts?
- How to deal with limitation of liability, hold harmless, and indemnity clauses?
- How to negotiate appropriate data processing agreements/data protection clauses?
- How to draft robust data processing agreements/data protection clauses?
- How to regulate contractual and data protection-related disputes?