Privacy
Software Agreement
North Carolina
Software agreement and GDPR compliance?
I am the founder of a software company that is looking to enter into a software agreement with a new client. We are in the process of finalizing the agreement but I am concerned that it may not be compliant with the General Data Protection Regulation (GDPR). I want to make sure that the agreement is compliant with GDPR so that our company is not at risk of any legal action or penalties.
1 Attorney answer
Nicholas M.
ContractsCounsel verified
You are smart to consider GDPR, but also should consider US Privacy Policies in connection with the agreement. There are several states that already have GDPR-level privacy policies and over 20 states with bills introduced as well. A well-formed policy will consider the data collected, where it is stored and how it is transferred, who has access to the data, the purpose of the data for use in the app, the ability to sell or reuse the data for additional purposes, and when the data should be deleted. This process should be contemplated and consistent within employee manuals, data access procedures, and implemented in master services agreements across all vendors, subcontractors, and suppliers. One final note is that you need to practice what you write, because a published privacy policy that is not followed may be considered a deceptive trade practice by the FTC, resulting in fines on top of the costs of a breach.