GDPR Compliance Journey - 15 Contracts & Agreements
Summary
TLDR: In this video, Mike and Sarah guide viewers through the process of ensuring compliance with the General Data Protection Regulation (GDPR) by reviewing contracts with suppliers and third parties. They emphasize the importance of including specific GDPR elements such as confidentiality, data breach responsibilities, and data protection impact assessments. The hosts use Zoho as a case study, showcasing how the company's GDPR readiness and adherence to contractual terms provide confidence in their data handling practices. The video concludes with a call to action for ongoing supplier assessments and a preview of the next topic: training.
Takeaways
- 📜 The speaker emphasizes the importance of reviewing contracts with suppliers and third parties to ensure they include the required elements of GDPR.
- 👨‍⚖️ It is advised to seek legal advice for those unsure about the specifics of GDPR compliance in contracts.
- 🔍 The GDPR provides specific guidance on what to expect in contracts, including confidentiality, data breach responsibilities, and data protection impact assessments.
- 🔗 The speaker's website offers a blog post with a how-to section on data processing contracts and the required areas to check for GDPR compliance.
- 📝 The script mentions the need to verify that contractual terms include details about data deletion, recovery, infringement measures, and data transfers.
- 🏢 The speaker shares their experience with Zoho, highlighting how the company is taking GDPR seriously and providing necessary documentation.
- 📑 Zoho's GDPR readiness statement and Terms of Service are mentioned as examples of how a supplier can demonstrate compliance with GDPR requirements.
- 🔒 The importance of privacy policies being updated in line with GDPR requirements is noted, as shown by Zoho's updated policy.
- 🤝 The script suggests that having a combination of terms and conditions, privacy notices, and GDPR statements from suppliers helps ensure contractual compliance.
- 🔄 The process of reviewing contracts with other suppliers involves sending questionnaires and forms to verify their GDPR compliance.
- 👩🏫 The next topic to be discussed in the series is training, indicating an ongoing commitment to GDPR compliance education.
Q & A
What is the primary focus of the video script?
- The primary focus of the video script is on the importance of reviewing contracts in the context of GDPR compliance, ensuring that they contain the necessary elements as mandated by the regulation.
Why is it recommended to seek legal advice when dealing with GDPR and contracts?
- It is recommended to seek legal advice because the presenter is not a lawyer, and legal expertise is crucial for understanding and implementing the specific requirements of GDPR in contracts correctly.
What does the script suggest checking in agreements with suppliers and third parties?
- The script suggests checking that agreements with suppliers and third parties include required elements of GDPR such as confidentiality, breach responsibilities, data protection impact assessments, data deletion or recovery processes, infringement measures, audits or reports, and details of data transfers and technical measures.
What is a GDPR readiness statement and why is it important?
- A GDPR readiness statement is a document provided by a supplier that outlines how they are preparing for and implementing measures to comply with GDPR. It is important because it provides assurance to clients that the supplier is taking GDPR compliance seriously.
What is the role of a Terms of Service document in GDPR compliance?
- The Terms of Service document outlines the obligations of both the service provider and the client regarding data protection, including how data is handled, who it might be shared with, and how to lodge complaints, which are all critical aspects of GDPR compliance.
How does the script suggest verifying a supplier's GDPR compliance?
- The script suggests reviewing various documents provided by the supplier, such as the GDPR readiness statement, Terms of Service, and privacy policy, to ensure that they are in line with GDPR requirements and that the necessary contractual terms have been implemented.
What is the significance of a supplier's privacy policy in the context of GDPR?
- A supplier's privacy policy is significant because it should be updated to align with GDPR requirements, detailing how personal data is used, transferred, and protected, which is essential for demonstrating compliance.
What actions have been taken by the company in the script to ensure their suppliers are GDPR compliant?
- The company has reviewed their contract terms of business, checked their major suppliers' documents for GDPR compliance, and in some cases, sent out questionnaires and forms for suppliers to fill in to verify their compliance.
What is the next topic the company plans to discuss in their GDPR compliance journey?
- The next topic the company plans to discuss is training, which is an important aspect of ensuring that all employees are aware of and can follow GDPR requirements.
What is the overall message the script conveys about the importance of contract review in GDPR compliance?
- The overall message is that reviewing and ensuring contracts contain the necessary elements of GDPR is crucial for compliance. It provides confidence that suppliers are meeting the required standards and helps organizations avoid potential non-compliance issues.
Outlines
📜 Contract Review for GDPR Compliance
This paragraph introduces the topic of contract review in the context of GDPR compliance. The speaker, Mike Sarah, emphasizes the importance of consulting legal advice despite not being a lawyer. The General Data Protection Regulation (GDPR) provides specific guidance on contract requirements, which include elements like confidentiality, data breach responsibilities, data protection impact assessments, data deletion and recovery procedures, infringement measures, data transfers, and technical measures. The speaker suggests reviewing agreements with suppliers and third parties to ensure these elements are included. They also mention their website's article on data processing contracts and the required areas to check, such as audits, reports, and technical measures.
🔍 Zoho's GDPR Readiness and Contract Terms
The second paragraph delves into the practical steps taken by the speaker to review their organization's contracts with suppliers, using Zoho as a case study. Zoho is highlighted for its serious approach to GDPR compliance, with a readiness statement and additional documents available on their website. These documents include a Terms of Service agreement that outlines data infringement, obligations of both parties, and complaint procedures, as well as a privacy policy updated to align with GDPR requirements. The speaker notes that not all providers may be as compliant, indicating an ongoing process of verification and potentially sending questionnaires to suppliers to ensure they meet the necessary standards.
Keywords
💡GDPR
💡Contracts
💡Confidentiality
💡Data Breach
💡Data Protection Impact Assessments (DPIAs)
💡Data Deletion and Recovery
💡Infringement Measures
💡Data Processing
💡Audits and Reports
💡Technical Measures
💡Zoho
💡Privacy Policy
💡Terms of Service
Highlights
Introduction to the GDPR compliance journey series with Mike and Sarah.
Clarification that the presenters are not lawyers and legal advice should be sought for specific issues.
The importance of reviewing contracts with suppliers and third parties to ensure GDPR requirements are included.
GDPR's specific guidance on the elements that should be expected in contracts.
The availability of the required elements checklist on the guideline website.
Discussion on confidentiality responsibilities in contracts.
The necessity to include breach requirements in data processing contracts.
The need for data protection impact assessments as part of contract terms.
Details on data deletion or recovery processes in contracts.
Inclusion of infringement measures to be implemented and tested within contracts.
Identification of third-party data processors and onward processing in contracts.
The requirement for audits or reports to be available as per GDPR.
Details of data transfers and technical measures specified in contracts.
Review of contract terms of business to ensure GDPR compliance.
Zoho's GDPR readiness statement and the measures they are putting in place.
Zoho's Terms of Service detailing infringement, data transfer obligations, and complaint procedures.
Zoho's updated privacy policy in line with GDPR requirements.
The overall positive impression from Zoho regarding their GDPR compliance efforts.
The ongoing work to check supplier requirements and the use of questionnaires for verification.
The next topic in the GDPR compliance journey series will be training.
Transcripts
Hi, I'm Mike Sarah, and welcome back once again to our GDPR compliance journey. This time we are talking contracts. Now, important to say that I'm not a lawyer, and so always best to seek legal advice if you're not sure. However, the GDPR does give some specific guidance on what you should expect to find in contracts, so you need to be thinking about reviewing the agreements you have with your suppliers and third parties to check that they have the required elements of GDPR included inside them. So let's go ahead and take a look at these requirements; we've got them listed on our website.

So here we are at the guideline website and we have an article on our blog about data processing contracts, and if you look at this we've got a how-to section which talks about the required areas that we need to be looking at. So these are: confidentiality; responsibilities about breach; if there's any requirement to do data protection impact assessments; how data will be deleted or recovered; any infringement measures that should be implemented and tested; details of anybody else that is sent the data to process, or onward processing; what audits or reports are available; and details of data transfers and technical measures. Those are the specifically required elements, so we just need to be checking that they are all included. So those are the areas that are mandated as part of the GDPR.

Now what we've done is to review our contract terms of business and suchlike to check that those are included. So let's have a look at those of one of our major suppliers and we'll see if those elements are there. So those of you that might have watched some of our previous GDPR journey videos, you'll know that we use Zoho for a lot of our systems, and we're quite lucky in that they seem to be taking GDPR very, very seriously. You may not always find this with your providers, but they have a GDPR readiness statement on their website, and it talks about how they are preparing, some of the measures that they are putting in place, and so therefore that enables us to check that some of the implementation and measures that are required as part of the contractual terms have been implemented by Zoho.

There are further documents that they provide that enable us to see the sorts of things that they're doing. So as an example there is a Terms of Service which talks about infringement, the service they provide, who the information might be sent to, obligations of ourselves and of Zoho, who they transfer information to, how we lodge a complaint, and this always also links in to their own privacy policy, which again has been updated to be in line with GDPR requirements. So this talks about the use of data, transfers, children's protection, how information is stored.

So really the message is that we're getting a good feeling from Zoho. We're pulling out from these different documents, which overall form our contract with them, the kinds of information we need to check that we have the agreements in place that give us the confidence that they are doing what we need. It's not always the case with all our providers that they are doing what they need to do, until there's an ongoing piece of work to check those requirements. However, I hope that by showing you these few documents, and in the case of Zoho you can see we have a terms and conditions, we have a privacy notice and we have GDPR statements from the suppliers themselves, that together these documents help us to check the contractor and the agreement position that we have with these organizations.

So there you have it. That's a quick review on how we've checked with Zoho. We've done similar reviews with other suppliers and in some cases we have sent questionnaires and forms out for suppliers to fill in to check that they are doing what they need to be doing. I hope you found that useful. Next time we're talking about training, so until then we hope you find your compliance simple.