Cheryl O'Neill
Cheryl O’Neill is the Director of Product Management at Seal. She has 20 years of information management, security and compliance experience in a range of technical, sales, and marketing roles at Documentum, Autonomy, HP, and Imperva. Cheryl has worked with the largest financial services, life science, and Fortune 100 companies to safely secure and manage sensitive and regulated data. Most recently Cheryl has focused on GDPR compliance within the Fortune 2000.

GDPR Compliance: Why You Can't Afford to Wait & How to Prepare

Cheryl O'Neill | Mar 23, 2018

May 25th, the date GDPR enforcement begins, is almost here, and most companies are still working towards compliance. While this state of affairs is not unexpected, the political climate for data privacy is shifting quickly following the continuous revelations from Facebook and others regarding the abuse of personal data. No one should be surprised if the social platforms are the first companies challenged following the GDPR enforcement date, but the challenges will not stop there.

GDPR is unlike most regulations, in that there are multiple triggers for investigations. GDPR investigations may be triggered by a:

  • Data subject or someone acting on their behalf;
  • Data breach incident; or
  • Government audit.

Data Privacy Violations are Expensive

The implication is that companies should not assume they have a time buffer before they need to respond to a GDPR request or challenge. The ongoing negative press will fuel a desire to make early examples of companies that fail to take reasonable steps towards compliance. Following the whistle-blower’s disclosure of Cambridge Analytica’s data exploitation, Facebook stock dropped, wiping out $100b in company value. The Information Commissioner’s Office (ICO) and Federal Trade Commission are both investigating Facebook’s data privacy practices. The FTC investigation could result in a penalty of up to $2tn for data privacy violations. If the Facebook breach had occurred after May 25, 2018, a maximum GDPR fine of €1.3bn could have been imposed. The total cost of the Facebook breach and privacy issues will not be known for years, but what is clear is that it is having a material effect on the company.

Contracts Must be Reviewed for GDPR Compliance

A critical step in the GDPR readiness process is reviewing and updating existing contracts (per GDPR Article 6) and templates that have data processing and privacy implications. For many companies, this will mean employing armies of contract reviewers to read through each contract, then flag and prioritize them for remediation. The process is inefficient, inaccurate, time-consuming, and expensive.

Seal GDPR Insight™ Analyzes Contracts for 100 GDPR Data Points, Saving Time & Money

Fortunately, Seal has a GDPR solution. Combining the industry-leading contracts discovery and analytics of the Seal platform with Apogee Legal’s expertise in the design and implementation of custom contract analytics, GDPR Insight™ seamlessly provides insights into your GDPR compliance and readiness. Moreover, it can help reduce the time and cost of GDPR readiness and add ongoing value through monitoring and incident response capabilities.

By analyzing more than 100 data points supported by hundreds of analytics, GDPR Insight™ can provide six- and seven-figure cost savings at scale compared to traditional, human-only review.

GDPR Insight™ expands a company’s insight into their contracts both document-by-document and across their entire contract population. Within the Seal Platform, companies can use Apogee Legal’s score carding system, comparing related GDPR topics generally and specifically to determine compliance levels. Chart A below illustrates how four different agreements stack up against the various Audit & Inspection Rights at play under GDPR. The MSA USACo agreement contains language on all the topics, while the remaining agreements all come up short (to some degree) across the related topics. 

CHART A

 

With this information at the document level, companies can begin to triage and implement a remediation plan to address deficient agreements. Chart B below demonstrates how score carding can be applied at the document population level. With compliance information aggregated, companies can quickly determine which agreements require bespoke or blanket amendment.

CHART B

Avoid GDPR Risks and Fines, Act Now

With EU enforcement around the corner, the time to act is now. GDPR Insight™ is the most advanced solution to this immediate legal challenge. Contact Seal Software or Apogee Legal today and get control of your contracts for GDPR.

To learn more about GDPR Insight™, view the GDPR Webinar Series.