Key takeaways from my recent presentation titled “Service Providers v. Data Processors: What Should Your Agreement Address?”  with Lexology and Exterra.

  • As the “business,” the “buck stops with you” as it relates to liability to the individual regarding processing their data.
  • Between you and your service provider/data processor, you can and should impose liability for tasks that you are engaging them to do for you.
  • To comply with your legal obligations under the General Data Protection Regulation, California Consumer Privacy Act and other data protection laws, be sure to perform due diligence on the vendor and ensure that they can deliver to the standard you need.
  •  When performing the due diligence, cover both information security (How will you protect my data from unauthorized access?) AND privacy (What are you allowed to do with my data?)
  • Enter into a data processing agreement with your vendor. GDPR and CCPA have different requirements but make sure that your concerns are addressed.