Data processing agreements are an important way for controllers and processors to establish roles, responsibilities and liability limitations – it is crucial to get them right. In this second installment of our coverage of a recent seminar sponsored by Strafford CLE Webinars featuring Davis Polk attorneys, we address critical data privacy and security provisions in these agreements. The first article detailed the current risk environment, provided guidance on vendor risk assessment and due diligence, and discussed underlying considerations when negotiating vendor agreements. See “Six Ways to Address Privacy Concerns in Biometric Vendor Contracts” (Mar. 3, 2021).