GDPR Compliance Journey - 15 Contracts & Agreements

Gydeline

17 May 201805:12

Summary

TLDRIn this video, Mike and Sarah guide viewers through the process of ensuring compliance with the General Data Protection Regulation (GDPR) by reviewing contracts with suppliers and third parties. They emphasize the importance of including specific GDPR elements such as confidentiality, data breach responsibilities, and data protection impact assessments. The hosts use Zoho as a case study, showcasing how the company's GDPR readiness and adherence to contractual terms provide confidence in their data handling practices. The video concludes with a call to action for ongoing supplier assessments and a preview of the next topic: training.

Takeaways

📜 The speaker emphasizes the importance of reviewing contracts with suppliers and third parties to ensure they include the required elements of GDPR.
👨‍⚖️ It is advised to seek legal advice for those unsure about the specifics of GDPR compliance in contracts.
🔍 The GDP art provides specific guidance on what to expect in contracts, including confidentiality, data breach responsibilities, and data protection impact assessments.
🔗 The speaker's website offers a blog post with a how-to section on data processing contracts and the required areas to check for GDPR compliance.
📝 The script mentions the need to verify that contractual terms include details about data deletion, recovery, infringement measures, and data transfers.
🏢 The speaker shares their experience with Zoho, highlighting how the company is taking GDPR seriously and providing necessary documentation.
📑 Zoho's GDPR readiness statement and Terms of Service are mentioned as examples of how a supplier can demonstrate compliance with GDPR requirements.
🔒 The importance of privacy policies being updated in line with GDPR requirements is noted, as shown by Zoho's updated policy.
🤝 The script suggests that having a combination of terms and conditions, privacy notices, and GDPR statements from suppliers helps ensure contractual compliance.
🔄 The process of reviewing contracts with other suppliers involves sending questionnaires and forms to verify their GDPR compliance.
👩‍🏫 The next topic to be discussed in the series is training, indicating an ongoing commitment to GDPR compliance education.

Q & A

What is the primary focus of the video script?
-The primary focus of the video script is on the importance of reviewing contracts in the context of GDPR compliance, ensuring that they contain the necessary elements as mandated by the regulation.
Why is it recommended to seek legal advice when dealing with GDPR and contracts?
-It is recommended to seek legal advice because the presenter is not a lawyer, and legal expertise is crucial for understanding and implementing the specific requirements of GDPR in contracts correctly.
What does the script suggest checking in agreements with suppliers and third parties?
-The script suggests checking that agreements with suppliers and third parties include required elements of GDPR such as confidentiality, breach responsibilities, data protection impact assessments, data deletion or recovery processes, infringement measures, audits or reports, and details of data transfers and technical measures.
What is a GDPR readiness statement and why is it important?
-A GDPR readiness statement is a document provided by a supplier that outlines how they are preparing for and implementing measures to comply with GDPR. It is important because it provides assurance to clients that the supplier is taking GDPR compliance seriously.
What is the role of a Terms of Service document in GDPR compliance?
-The Terms of Service document outlines the obligations of both the service provider and the client regarding data protection, including how data is handled, who it might be shared with, and how to lodge complaints, which are all critical aspects of GDPR compliance.
How does the script suggest verifying a supplier's GDPR compliance?
-The script suggests reviewing various documents provided by the supplier, such as the GDPR readiness statement, Terms of Service, and privacy policy, to ensure that they are in line with GDPR requirements and that the necessary contractual terms have been implemented.
What is the significance of a supplier's privacy policy in the context of GDPR?
-A supplier's privacy policy is significant because it should be updated to align with GDPR requirements, detailing how personal data is used, transferred, and protected, which is essential for demonstrating compliance.
What actions have been taken by the company in the script to ensure their suppliers are GDPR compliant?
-The company has reviewed their contract terms of business, checked their major suppliers' documents for GDPR compliance, and in some cases, sent out questionnaires and forms for suppliers to fill in to verify their compliance.
What is the next topic the company plans to discuss in their GDPR compliance journey?
-The next topic the company plans to discuss is training, which is an important aspect of ensuring that all employees are aware of and can follow GDPR requirements.
What is the overall message the script conveys about the importance of contract review in GDPR compliance?
-The overall message is that reviewing and ensuring contracts contain the necessary elements of GDPR is crucial for compliance. It provides confidence that suppliers are meeting the required standards and helps organizations avoid potential non-compliance issues.