The Sirion Blog
NEWS, IDEAS, AND INSIGHTS FROM THE SIRION TEAM
Reading the Fine Print: Are Your Commercial Contracts GDPR Compliant?
Right now is the right time to do a GDPR review.
Data is the new oil.
But, in light of the present situation with the COVID-19 pandemic, data could be an even more critical resource and asset for enterprises around the world. As with everything related to the virus – be it the distribution of stimulus funds or the dissemination of critical healthcare information – cyber criminals have pivoted their activity to focus on the global pandemic.
With an ever-increasing number of businesses transitioning to a remote operations model, ransomware attacks have shot up by 148 percent. In a recent report, VMware’s security research arm noted that hackers have been leveraging the chaos caused by the pandemic to launch phishing attacks, fake apps and maps, trojans, backdoors, crypto miners, botnets, and more.
What to Look for When You Do a GDPR Review
Besides the obvious focus on force majeure, BCP and DR clauses in your commercial contracts, your next point of review should be GDPR and other data security clauses. After all, according to the EU’s guidelines, your business could stand to pay 4 percent of its global revenue or up to EUR 20 million as penalties for failing to comply with the GDPR directive, and even more in case of a data breach.
First and foremost, GDPR requires businesses processing and storing large volumes of personal data to appoint a Data Protection Officer (DPO). While you might have already hired a DPO in line with the directive, you will need to go a step further and reference the DPO, where required, across all relevant internal documents, including your commercial contracts. Amending all active contracts to reference the DPO is likely to be a lengthy, but essential, contract review process.
But it’s not only about revising your contracts to include the name of your DPO, which is just one of the many changes that need to be implemented in light of the GDPR directive. Defined terms, which are used to interpret the legal language of a contract, also need to be revisited and are going to be an essential part of your GDPR review. For example, the definitions of ‘consent’ and ‘genetic data’ in the context of data collection and sharing have been revised by the EU to reflect the provisions of GDPR that govern ‘sensitive personal data’.
In practice, you will need to review all your third-party contracts to:
a) check if the current language complies with the standard definitions of GDPR,
b) request and/or implement changes to align a parent contract’s language with the directive’s terms, and
c) cascade those changes down to every associated subcontract/child document to ensure that the entire business relationship meets regulatory standards.
In the absence of a CLM solution that can automate and execute legal review and contract changes, this task alone could prove to be a massive, cost-intensive undertaking.
Sirion for GDPR and Other Compliance-centric Contract Analysis
Sirion’s AI-led risk analytics and contract metadata, clause, and obligation extraction engine simplifies the process of running legal reviews on all your third-party contracts stored in the platform’s digital repository. Using machine learning and natural language processing (NLP), the Sirion platform can crawl through contracts, highlight those with missing GDPR provisions, clauses, and dated definitions, and enable you to quickly request and implement changes. Using Sirion’s authoring module, you can select standardized GDPR and other data security clauses from the enterprise clause library to quickly update an existing contract. You can also collaborate with other teams within the organization, using native chat and parallel editing capabilities in MS Word, to have the change(s) reviewed in real time. From there, the revised contract document can be sent through approval loops using configurable workflows and signed off. Moreover, once a contract has been digitized, you can easily update metadata fields, such as the DPO’s name, across a complex contract document package or multiple contracts with a single click. In effect, you could be looking at up to a 60% reduction in manual effort by automating these processes with Sirion.
Want to learn more about how we are helping businesses use AI to simplify their legal review processes? Just leave a comment below or drop us a line at email@example.com.