Vendor Contract GDPR Review
Signing a contract with a US software provider, cloud platform, or marketing tool? We review the agreement and flag every clause that creates GDPR or data sovereignty risk — before you sign.
Every time your company signs up for a SaaS tool, cloud service, or US software platform, it enters into a data processing relationship. Under GDPR, you are legally responsible for ensuring your vendors handle personal data correctly — even if you had no idea what was in their terms of service.
Schrems II (2020) invalidated the standard legal basis for EU-US data transfers. Many widely used tools — Google Workspace, HubSpot, Salesforce, Mailchimp, and others — require specific contractual clauses to be used legally in the EU. Most companies click 'Accept' without reading what they've agreed to.
We review the vendor agreement, terms of service, and data processing addendum. You receive a plain-language report flagging every risk clause with specific recommendations for changes to request from the vendor. Delivered in Swedish or English.
WHAT YOU GET
Full review of vendor contract, DPA, and standard terms
Risk flag report — every problematic clause explained in plain language
Recommended contractual changes to request from the vendor
Schrems II compliance check for US-based vendors
Written verdict: safe to sign / sign with modifications / do not sign
Who needs this | Any company about to sign a contract with a software vendor, cloud provider, CRM, marketing tool, HR system, or any service that will process personal data. |
Timeline | 3–5 business days per contract |
Delivered as | Written review report (PDF) — Swedish or English |
Price | 3,900 kr per contract (discounts for 3+ contracts) |




