We purchased the comprehensive web services contract in 2015 and my question is, in light of GDPR should we purchase the updated equivalent contract (which presumably includes GDPR compliant data processing clauses), or could we purchase the separate GDPR data processing agreement and issue that to clients as an updated schedule to the original contract? The latter is my preference, as the consequences of re-issuing entirely new draft contracts to clients will be significant time required by both parties in revisiting previously agreed terms and conditions.
Look forward to receiving your response in due course.
Alasdair Taylor's Answer
Either approach can work. If you are supplementing an existing contract with a DPA, a few points to check are: (i) that you dis-apply any existing clauses covering the same ground where appropriate; (ii) that the other provisions of the existing contract are consistent with the DPA – check in particular the licensing, confidentiality, termination, security and sub-contracting clauses.