Corporate Compliance Insights

Contracts Are a Hidden Risk in GDPR Compliance

by Cheryl O'Neill
May 24, 2018
in Compliance, Featured

May 25th, the date GDPR enforcement begins, is almost here, and most companies are still working towards compliance. Cheryl O’Neill, Director of Product Management at Seal Software, looks at the hidden risk contracts pose for compliance and explains why machine learning techniques are the only way to get actionable visibility into the contract-based data that is flowing into and out of a company.

Businesses collecting and using customer data across the EU are preparing for the biggest upheaval in data protection law in the last 20 years. With weeks to go, the General Data Protection Regulation (GDPR) comes into force at the end of May, yet most business and IT leaders are still working towards meeting the new compliance mandate.

One of the most important changes that businesses need to be aware of is how individual rights have been affected with respect to personal data. The GDPR is meant to give individuals more control over the ways in which businesses process their personal data, granting new rights and enhancing those that existed under the outgoing data protection regime.

In its sweeping effort to define and protect the handling of personally identifiable information, the GDPR framework defines a set of triggers for a data impact assessment. Even in cases where data use is lawful, individuals have the right to object at any time and processing must cease unless the controller demonstrates “compelling legitimate grounds” for overriding a request.

Contracts must be reviewed

Regulation and regulatory change is, in many ways, an information game. It is crucial to the GDPR readiness process, as outlined in Article 6 of the directive, to review and update existing contracts and similar templates that have data processing and privacy implications. This step, which also applies to many of the data regulations imposed on industry today such as PCI DSS and SOX, requires knowing where pertinent documents are, and what’s inside of them.

It is not unusual for an organization to have hundreds of thousands of contracts that will all need to be analyzed for GDPR-relevant clauses. Contracts that relate to the mandate must be identified so that action can be taken to support compliance itself. This means finding these contracts and going through each and every one of them to determine which ones need to be revised or re-papered, and then executing on the revised language.

The information that is pulled may include language on data breach obligations, as indicated in the contract documents, to ensure it is understood and complies with GDPR requirements. Contractual agreements with data processors, or other vendors that may come into contact with data subject to GDPR, should also be reviewed for clauses that define their scope.

If this is not enough, the GDPR says that a complaint process must be in place to ensure all new contracts are handled properly. Heaven forbid a single contract goes unnoticed that doesn’t have the proper indemnification language in it, and suddenly the company is at risk.

Technology drives compliance

It’s important to note that GDPR will be an ongoing process, not a one-time data fix. For many companies, getting into compliance requires employing armies of reviewers to read through each contract, flag and prioritize it for remediation. It’s a costly process that is inefficient, typically stretching out over weeks and often months, and unavoidably prone to error.

Especially at the enterprise level where thousands upon thousands of items must be reviewed, companies are also using analytics as a way to discover the contractual documents that apply to the GDPR, and to understand what terms are contained in them so they can be properly processed and brought into alignment.

Artificial intelligence is in many ways a game changer in that it has taken this activity out of the costly, unreliable domain of manual processing. Automated platforms using AI can be pointed at the various places where contracts and agreements are suspected to reside, identify them and go to work using a series of algorithms that make them easily classified and searchable.

The latest AI-powered insight tools can be taught to correspond to both the direct requirements and the indirect implications of the GDPR. For example, the GDPR stipulates that a data impact assessment, called a DPIA, must be conducted for certain types of data processing. Although not necessarily required, by implication, a well-drafted contract also will address items such as the frequency of the DPIA and whether the assessment must be conducted by an independent party.

Machine learning is the key

The long list of topics that must be addressed for compliance according to the terms of the GDPR will keep business leaders awake at night. Familiar and ubiquitous contractual terms spanning subcontracting of data processing and indemnification of data events to force majeure, data processing agreements, termination of rights pertaining to a data event, limitation of liability, and a host of other contractual subjects are specifically under GDPR oversight.

Seal Software has found that companies without clarity into contracts and similar documents often flounder when handling these very topics. One way the Seal platform addresses this is by using an AI method called machine learning to search contracts using refined policies of relevance to GDPR, such as contractual terms or clause combinations.

Particularly for organizations with contracts and other fragmented data sitting across multiple silos and owned by different business units, but lacking a complete enterprise view, machine learning techniques are the only way to get actionable visibility into the contract-based data that is flowing into and out of a company.

The imperative is to put real power into the hands of those who need reliable information to make smart, strategic decisions about the GDPR, and with enforcement right around the corner, the time to act is now.


Tags: Contract Management, GDPR
Cheryl O’Neill is the Director of Product Management at Seal. Cheryl has 20 years of information management, security and compliance experience in a range of technical, sales, and marketing roles at Documentum, Autonomy, HP, and Imperva. Cheryl has worked with the largest financial services, life science, and Fortune 100 companies to safely secure and manage sensitive and regulated data. Most recently Cheryl has focused on GDPR compliance within the Fortune 2000.

About Seal Software

Seal Software is the leading provider of contract discovery, data extraction, and analytics. With Seal’s machine learning and natural language processing technologies, companies can find contracts of any file type across their networks, quickly understand what risks or opportunities are hidden in their contracts and place them in a centralized repository. Based in San Francisco, Seal empowers enterprises around the world to maximize revenue opportunities, reduce costs, and mitigate risks associated with contractual documents, systems, and processes. For more information, visit Seal Software at www.seal-software.com.
