Enforcement of the European Union’s sweeping privacy law, the General Data Protection Regulation (GDPR) begins May 25. Unfortunately, many companies remain unprepared. Gartner estimates that 50 percent of companies affected by GDPR will not be in full compliance with its requirements on the date of implementation.
Organizations need to move quickly to determine contract risk exposure, protect data within contracts, and provide a view into obligations for Data Protection Officers (DPOs). Otherwise, they may face severe penalties under the new regulations.
What is GDPR?
Passed in April 2016, GDPR aims to standardize data privacy laws across Europe and to change the way enterprises across the region treat data privacy.
GDPR requires companies to make dramatic changes in the way data is stored, managed, shared, and transferred. Organizations will need to streamline their internal processes to secure the data of their customers, partners, and employees. They will also be responsible for ensuring that their partners and third-party data processors are GDPR compliant.
To ensure compliance, companies must:
Include necessary privacy terms and clauses in their customer and partner agreements
Manage a new set of obligations related to how data is handled, particularly when activities are conducted with partners or third parties
Examine their contract management process to identify its capabilities and potential gaps
Who Needs to Comply?
GDPR applies to all organizations that offer goods or services to, or monitor the behavior of, EU citizens. Any firm that does global business online is very likely impacted.
Penalties for Non-Compliance
The penalties for non-compliance with GDPR requirements are staggering, and the rules apply to both controllers and processors, meaning companies that store data with third parties—including those who store data on the cloud—will not be exempt. For the most serious breaches—not having sufficient customer consent to collect and process data or violating the core of Privacy by Design concepts—organizations can be fined a maximum of 4 percent of annual global revenue.
Some features of the ICM GDPR Compliance app include:
GDPR privacy terms and clause library
Rule-based Data Protection Addendum (DPA) creation and dynamic clause inclusion]
Full tracking of processor obligations and fulfillment
A 360-degree view to quickly flag non-compliant agreements
AI-enabled smart search across existing contracts
A dedicated portal from which processors can sign and update their GDPR compliance
Highly secured, permission-based infrastructure that keeps data encrypted – at rest and in transit
Over one million users at global organizations such as 3M, ABB, Daimler, Microsoft, and Sanofi trust the ICM platform to manage billions of dollars’ worth of contracts and stay in compliance with regulatory requirements around the world. Visit our GDPR page for more information about how Icertis can help your organization become compliant with these new requirements.
Icertis Remains a Leader in the Q1 2021 Forrester Wave
Icertis has again been recognized as a Leader in the Forrester Wave: Contract Lifecycle Management For All Contracts Q1 2021 report. This is the second consecutive Wave report to recognize Icertis as a Leader. Read the report and learn more about the impact of CLM and why Icertis has been named a Leader.