Sirion Named a Leader in the
2023 Gartner® Magic Quadrant
for Contract Life Cycle Management.

Download Report
Request Demo Talk to Us
Blog

GDPR Contract Review: How To Read The Fine Print

By Kanti Prabha
Share this

Data is the new oil.

But, in light of the present situation with the COVID-19 pandemic, data could be an even more critical resource and asset for enterprises around the world. As with everything related to the virus – be it the distribution of stimulus funds or the dissemination of critical healthcare information – cyber criminals have pivoted their activity to focus on the global pandemic.

With an ever-increasing number of businesses transitioning to a remote operations model, ransomware attacks have shot up by 148 percent. In a recent report, VMWare’s security research arm noted that hackers have been leveraging the chaos caused by the pandemic to launch phishing attacks, fake apps and maps, trojans, backdoors, crypto miners, botnets, and more.

What to Look for When You Do a GDPR Contract Review

Besides the obvious focus on force majeure, BCP and DR clauses in your commercial contracts, it seems like your next point of review should be around GDPR and other data security clauses. After all, according to EU’s guidelines, your business could stand to pay 4 percent of its global revenue or up to EUR 20 million as penalties for failing to comply with the GDPR directive, and even more in case of a data breach.

First and foremost, GDPR requires businesses processing and storing large volumes of personal data to appoint a Data Protection Officer (DPO). While you might have already hired a DPO in line with the directive, you will need to go a step further and reference the DPO, where required, across all relevant internal documents, including your commercial contracts. Amending all active contracts to reference the DPO is likely to be a lengthy, but essential, contract review process.

But it’s not only about revising your contracts to include the name of your DPO, which is just one of the many changes that need to be implemented in light of the GDPR directive. Defined terms, which are used to interpret the legal language of a contract also need to be revisited and are going to be an essential part of your GDPR review. For example, the definition of ‘consent’ and ‘genetic data’ in the context of data collection and sharing has been revised by the EU to reflect the provisions of GDPR that govern ‘sensitive personal data’.

In practice, you will need to review all your third-party contracts to:

  • Check if the current language complies with the standard definitions of GDPR,
  • Request and/or implement changes to align a parent contract’s language with the directive’s terms
  • Cascade those changes down to every associated subcontract/child document to ensure that the entire business relationship meets regulatory standards

In the absence of a CLM solution that can automate and execute legal review and contract changes, this task alone could prove to be a massive cost-intensive undertaking.

Sirion for GDPR Review and Other Compliance-centric Contract Analysis

Sirion’s AI-led risk analytics and contract metadata, clause, and obligation extraction engine simplifies the process of running legal reviews on all your third-party contracts stored in the platform’s digital repository. Using machine learning and natural language processing (NLP), the Sirion platform can crawl through contracts, highlight those with missing GDPR provisions, clauses, and dated definitions, and enable you to quickly request for and implement changes.

Using Sirion’s authoring module, you can select standardized GDPR and other data security clauses from the enterprise clause library to quickly update an existing contract and collaborate with other teams within the organization using native chat and parallel editing capabilities in MS Word to have the change(s) reviewed in real-time.

From there the revised contract document can be sent through approval loops using configurable workflows and signed off. Moreover, once a contract has been digitized, you can easily update metadata fields, such as the DPO’s name, across a complex contract document package, or multiple contracts with a single click. In effect, you could be looking at up to a 60% reduction in manual effort by automating these processes with Sirion.

Want to learn more about how we are helping businesses use AI to simplify their legal review processes? Just leave a comment below or drop us a line at contact@sirionlabs.com

Table of Contents
Further Reading
Debbie Wilson Contracting Excellence Series

How to Implement a Contract Management Platform that Hits Your Sweet Spot

READ MORE
A group of business people going through a contract negotiation.

AI Contract Negotiation: Insights To Up-level Your Enterprise

READ MORE
CLM for enterprises

Enterprise CLM Software: 5 Key Attributes

READ MORE

Sirion is a Leader

2023 Gartner® Magic Quadrant for Contract
Life Cycle Management

GET THE FULL REPORT

See Sirion in Action

One Platform for your Complete Contract Lifecycle Management Journey

SCHEDULE A DEMO
Blog

GDPR Contract Review: How To Read The Fine Print

By Kanti Prabha
Share this
Table of Contents

Data is the new oil.

But, in light of the present situation with the COVID-19 pandemic, data could be an even more critical resource and asset for enterprises around the world. As with everything related to the virus – be it the distribution of stimulus funds or the dissemination of critical healthcare information – cyber criminals have pivoted their activity to focus on the global pandemic.

With an ever-increasing number of businesses transitioning to a remote operations model, ransomware attacks have shot up by 148 percent. In a recent report, VMWare’s security research arm noted that hackers have been leveraging the chaos caused by the pandemic to launch phishing attacks, fake apps and maps, trojans, backdoors, crypto miners, botnets, and more.

What to Look for When You Do a GDPR Contract Review

Besides the obvious focus on force majeure, BCP and DR clauses in your commercial contracts, it seems like your next point of review should be around GDPR and other data security clauses. After all, according to EU’s guidelines, your business could stand to pay 4 percent of its global revenue or up to EUR 20 million as penalties for failing to comply with the GDPR directive, and even more in case of a data breach.

First and foremost, GDPR requires businesses processing and storing large volumes of personal data to appoint a Data Protection Officer (DPO). While you might have already hired a DPO in line with the directive, you will need to go a step further and reference the DPO, where required, across all relevant internal documents, including your commercial contracts. Amending all active contracts to reference the DPO is likely to be a lengthy, but essential, contract review process.

But it’s not only about revising your contracts to include the name of your DPO, which is just one of the many changes that need to be implemented in light of the GDPR directive. Defined terms, which are used to interpret the legal language of a contract also need to be revisited and are going to be an essential part of your GDPR review. For example, the definition of ‘consent’ and ‘genetic data’ in the context of data collection and sharing has been revised by the EU to reflect the provisions of GDPR that govern ‘sensitive personal data’.

In practice, you will need to review all your third-party contracts to:

  • Check if the current language complies with the standard definitions of GDPR,
  • Request and/or implement changes to align a parent contract’s language with the directive’s terms
  • Cascade those changes down to every associated subcontract/child document to ensure that the entire business relationship meets regulatory standards

In the absence of a CLM solution that can automate and execute legal review and contract changes, this task alone could prove to be a massive cost-intensive undertaking.

Sirion for GDPR Review and Other Compliance-centric Contract Analysis

Sirion’s AI-led risk analytics and contract metadata, clause, and obligation extraction engine simplifies the process of running legal reviews on all your third-party contracts stored in the platform’s digital repository. Using machine learning and natural language processing (NLP), the Sirion platform can crawl through contracts, highlight those with missing GDPR provisions, clauses, and dated definitions, and enable you to quickly request for and implement changes.

Using Sirion’s authoring module, you can select standardized GDPR and other data security clauses from the enterprise clause library to quickly update an existing contract and collaborate with other teams within the organization using native chat and parallel editing capabilities in MS Word to have the change(s) reviewed in real-time.

From there the revised contract document can be sent through approval loops using configurable workflows and signed off. Moreover, once a contract has been digitized, you can easily update metadata fields, such as the DPO’s name, across a complex contract document package, or multiple contracts with a single click. In effect, you could be looking at up to a 60% reduction in manual effort by automating these processes with Sirion.

Want to learn more about how we are helping businesses use AI to simplify their legal review processes? Just leave a comment below or drop us a line at contact@sirionlabs.com

Further Reading
A cartoon laptop with a magnifying glass, depicting a contract compliance audit

Contract Compliance Audit: Overview, Benefits, and Steps

 READ MORE
Discussing post negotiation steps

Defining Affective Post-Negotiation Contract Management

 READ MORE
People discussing pre-negotiation of a contract

Exploring the Pre-Negotiation Phase of the Contract Lifecycle

 READ MORE


Sirion is a Leader

2023 Gartner® Magic Quadrant for Contract
Life Cycle Management

GET THE FULL REPORT

See Sirion in Action

One Platform for your Complete Contract Lifecycle Management Journey

SCHEDULE A DEMO