November 29, 2022

Volume XII, Number 333


November 28, 2022

Subscribe to Latest Legal News and Analysis

Malcolm Dowden and Niloufar Massachi Discuss Vendor Contracting Requirements Under New US Privacy Laws and the GDPR

In a CLE webinar earlier this week, Malcolm Dowden (Partner, London) and Niloufar Massachi (Associate, Los Angeles) discussed evaluating, drafting, and updating vendor agreements to meet the privacy and security requirements of new US privacy laws and the GDPR.

The new laws in California, Virginia, Colorado, Utah, and Connecticut, which will take effect beginning January 1, 2023, create additional requirements for vendor agreements beyond what is currently required under California’s currently in effect California Consumer Privacy Act (CCPA). Meanwhile, many businesses are also adapting to the new Standard Contractual Clauses (SCCs) that were adopted by the EU and UK as an adequate data transfer mechanism. Although the new SCCs resolve certain practical issues businesses faced when using the old SCCs, they also introduce new obligations for businesses that transfer personal data. Material differences between GDPR and new US state law requirements present drafting challenges to creating a DPA that covers UK/EU and the new US laws. For more information on the new requirements and tips to help navigate this complex and rapidly changing area, see their program materials available here.

© Copyright 2022 Squire Patton Boggs (US) LLPNational Law Review, Volume XII, Number 269

About this Author


Malcolm Dowden is a partner in the firm’s Data Privacy, Cybersecurity & Digital Assets Practice. Malcolm has more than 25 years’ experience advising UK and international clients on a wide range of technology, data protection, privacy and electronic communications issues.

Malcolm has a particular focus on planning and implementing cross-border data and privacy law compliance strategies. His experience covers EU GDPR, UK GDPR and (through liaison with local counsel) Dubai International Financial Centre (DIFC), Abu Dhabi Global Market (ADGM),...

Niloufar Massachi Associate Cybersecurity Data Privacy Squire Patton Boggs

Nilou Massachi is an associate in the Data Privacy & Cybersecurity Practice. She focuses her practice on data privacy and protection, technology transactions, advertising, sales and digital media practices, cybersecurity, and consumer protection law.

A certified information privacy professional (CIPP/US), Nilou works collaboratively with clients to develop and implement information governance and privacy compliance programs. Counseling multinational companies spanning a variety of industries, she regularly evaluates privacy impact assessments, drafts policies and procedures for...