Enforcement of the European Union’s sweeping privacy law, the General Data Protection Regulation (GDPR), begins May 25, 2018. Unfortunately, many companies remain unprepared: Gartner estimates that 50 percent of companies affected by GDPR will not be in full compliance with its requirements on the date it takes effect.
Organizations need to move quickly to determine contract risk exposure, protect data within contracts, and provide a view into obligations for Data Protection Officers (DPOs). Otherwise, they may face severe penalties under the new regulations.
What is GDPR?
Adopted in April 2016, GDPR aims to harmonize data protection law across the EU and to change the way enterprises that handle personal data of people in the region treat privacy.
GDPR requires companies to make significant changes in the way personal data is stored, managed, shared, and transferred. Organizations will need to tighten their internal processes to secure the data of their customers, partners, and employees. They also remain accountable for the processors they engage: a controller may use only processors that provide sufficient guarantees of compliance, and each controller–processor relationship must be governed by a written contract that sets out the processor’s obligations.
To ensure compliance, companies must:
- Include necessary privacy terms and clauses in their customer and partner agreements
- Manage a new set of obligations related to how data is handled, particularly when activities are conducted with partners or third parties
- Examine their contract management process to identify its capabilities and potential gaps
Who Needs to Comply?
GDPR applies to organizations established in the EU, and to organizations outside the EU that offer goods or services to, or monitor the behavior of, individuals located in the EU, regardless of those individuals’ citizenship. Any firm that does global business online is very likely impacted.
Penalties for Non-Compliance
The penalties for non-compliance with GDPR requirements are staggering, and they apply to both controllers and processors, meaning companies that store data with third parties—including those who store data in the cloud—will not be exempt. Fines are set in two tiers. The higher tier, for the most serious breaches—violating the basic principles for processing (including the conditions for valid consent), infringing data subjects’ rights, or making unlawful international transfers—reaches a maximum of 20 million euros or 4 percent of total worldwide annual turnover for the preceding financial year, whichever is higher. The lower tier, up to 10 million euros or 2 percent of worldwide annual turnover, covers obligations such as data protection by design and by default, processor duties, and breach notification.
How to Ensure Your Organization’s Compliance
The Icertis Contract Management (ICM) platform’s GDPR Compliance app helps organizations accelerate contract compliance and avoid these penalties.
Some features of the ICM GDPR Compliance app include:
- GDPR privacy terms and clause library
- Rule-based Data Protection Addendum (DPA) creation and dynamic clause inclusion
- Full tracking of processor obligations and fulfillment
- A 360-degree view to quickly flag non-compliant agreements
- AI-enabled smart search across existing contracts
- A dedicated portal from which processors can sign and update their GDPR compliance
- Permission-based, access-controlled infrastructure that keeps contract data encrypted at rest and in transit
Over one million users at global organizations such as 3M, ABB, BASF, Daimler, Microsoft, and Sanofi trust the ICM platform to manage billions of dollars’ worth of contracts and stay in compliance with regulatory requirements around the world. Visit our GDPR page for more information about how Icertis can help your organization become compliant with these new requirements.