Common use of EU GDPR Compliance Clause in Contracts

EU GDPR Compliance. The Commonwealth of Kentucky requires all vendor contracts to comply with the European Union’s General Data Privacy Regulation [Regulation (EU) 2016/679] (the “GDPR”) when the Commonwealth is a “controller” or “processor” of “personal data” from an individual “data subject” located in the European Union, as those terms are defined in the GDPR. The Contractor acknowledges and agrees that it is acting as a “processor” of “personal data” for the Commonwealth under this Agreement and that all applicable requirements of the GDPR are incorporated by reference as material terms of this Agreement. The Contractor represents and warrants that (1) it is aware of and understands its compliance obligations as a “processor” under GDPR; (2) it has adopted a GDPR compliance policy/program, a copy of which has been provided to the Commonwealth; (3) it will process “personal data” only in accordance with the Commonwealth’s instructions; and (4) with regard to its obligations under this Agreement, it shall comply with all applicable requirements of the GDPR to the same extent as adopted by the Commonwealth. Additionally, the Contractor shall indemnify and hold harmless the Commonwealth, and its employees from and against any claims, demands, suits, damages, penalties, fines, or costs arising from any violation of GDPR by the Contractor.