TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

The audit section in a services agreement contains the provisions that specify a party’s right to access and review another party’s information in order to determine such party’s compliance with the agreement. Depending on the scope of audit rights, the audit section can range from a single paragraph to an entire exhibit to the contract.

Many considerations go into drafting appropriate audit rights, including the types of services that the customer is receiving, and the industry in which the customer’s business operates. In many cases, the customer is the auditing party and the service provider is the audited party, but there are situations where the roles will be reversed. Below is an overview of several key issues to consider when drafting audit rights for services agreements.

Forbes has listed its top outsourcing trends in the Asia-Pacific (APAC) region for 2019. The APAC region has long been the dominant region for outsourcing, although it is facing competition from emerging outsourcing markets in other regions. Trends include the growing presence of outsourcing in Malaysia, shifting resource models, and personnel shortages.

Outsourcing agreements are typically long-term arrangements and the functions outsourced, whether IT or business processes, often key to the continued operation of the customer’s business. It is therefore important that both the customer and the supplier undertake due diligence prior to entering into such arrangements to ensure that, for example, both parties are clear as to the customer’s service requirements and objectives and how these will be met by the supplier.

In this post, we look at due diligence from the perspective of both the customer and the supplier.

In business process outsourcing (BPO) transactions, some of the toughest negotiation points often involve responsibility for compliance with applicable laws and regulations. If you have negotiated BPO transactions, you know that there is not an industry position that can be applied across the board on all deals. We find key determiners as to how responsibility is allocated to include the type and size of the transaction, whether the service is a “utility” or one to many model, the intended scope of the service offering, impact to fees (if any), vendor capabilities, and negotiating leverage.

Morgan Lewis will co-host an interactive master workshop on negotiations and contracting geared toward business leaders, sourcing professionals, and in-house counsel who work together on complex transactions such as digital transformations and vendor outsourcing. Edward J. Hansen, Vito Petretti, Donald G. Shelkey and Valerie A. Gross of our Technology, Outsourcing and Commercial Transactions practice will present and lead discussions on topics including:

Towards the end of 2018 we ran a series of Contract Corner blog posts on the GDPR and Data Processing Addendums. (See here and here.) December brought detailed guidance from the UK Information Commission’s Office (ICO) on contracts and GDPR compliance (the New Guidance), which replaces draft guidance previously issued as part of a consultation by the ICO in 2017 (the Draft Guidance).

The process of “going digital” has drastically affected the outsourcing market in recent years. During their webinar, Outsourcing Across the Globe—Going Digital, Ed Hansen, Simon Lightman, Barbara Melby, and Mike Pierides will discuss how to prepare for the future of outsourcing and leading trends that will impact outsourcing transactions globally in 2019. Topics will include the following:

  • Privacy considerations for Europe, China, and beyond
  • The increasing impact of automation
  • Using the contract to mitigate risk

The webinar will be held on Wednesday, January 23, 2019, from 12:00 pm to 1:00 pm ET (5:00 to 6:00 pm GMT).

Register for the webinar.

As 2018 comes to a close, we have once again compiled all the links to our Contract Corner blog posts, a regular feature of Tech & Sourcing @ Morgan Lewis. In these posts, members of our global technology, outsourcing, and commercial transactions practice highlight particular contract provisions, review the issues, and propose negotiating and drafting tips. If you don’t see a topic you are interested in below, please let us know, and we may feature it in a future Contract Corner.

In Part 1 of this series, we looked at the prevalence of standalone data processing addendums (DPAs) as a means to comply with rules on engaging third-party outsourcers under the EU General Data Protection Regulation (GDPR). In particular, we focused on the risks associated with “one size fits all” precedence clauses. In this Part 2, we take a detailed look at some of the commercial issues arising from DPAs, the GDPR’s mandated contract requirements.

What’s the Issue?

Article 28 of the GDPR includes a set of mandated data processing clauses that are broader in scope than the contract requirements under previous EU data protection laws. In addition, despite the GDPR having been in force for more than six months now, it is still uncertain how regulators will interpret and enforce Article 28.

As a result, parties to outsourcing agreements can find themselves in protracted discussions around which party bears the cost of implementing Article 28. Below are some key areas of focus in the context of outsourcing agreements.

Although the EU’s General Data Protection Regulation (GDPR) has been in force for more than six months, many organizations are still getting to grips with some of the practical requirements, including ensuring that their contracts comply with Article 28, which mandates a number of key clauses if personal data is being processed under the service agreement.

With potentially hundreds of in-scope contracts, customers and suppliers alike have developed standard-form data processing addendums (DPAs) or similar contract documents in order to address these Article 28 requirements. DPAs are fast becoming the preferred approach for both new agreements and existing contracts.