Given the increasing number of data privacy laws in the U.S., entering into appropriate data processing agreements (“DPAs”) with vendors has now become a critical component of vendor management. It can also be one of the most time-consuming and complex aspects of data privacy compliance. This article discusses when an organization should enter into a DPA with a vendor, an overview of U.S. DPA requirements, key considerations when negotiating a DPA, and some other key aspects of vendor management from a U.S. data privacy perspective besides entering into a DPA.
