Seal Software - GDPR INSIGHT · 2019-02-28
FORTUNE 500 COMPANY CONTRACT PROFILE
1. Bird & Bird Guide to the General Data Protection Regulation, May 2017
2. A strategic approach to vendor-management under GDPR, Feb 28, 2017, iapp.org, Alexandra Ross, Senior Global Privacy and Data Security Counsel, CIPP/E, CIPP/US, CIPM, FIP
All other stats sourced through Seal Software and Apogee Legal
GDPR READY
GDPR INSIGHT™
DETERMINING IF CONTRACTS ARE GDPR COMPLIANT AND INCIDENT READY
GDPR “COMPLIANT” CONTRACTS ARE ADEQUATE UNTIL AN INCIDENT
GDPR “READY” CONTRACTS PREPARE A BUSINESS FOR INCIDENTS
To be GDPR “compliant” a business must assay that its contracts meet a minimum set of requirements:
• Data transfer requirements
• Notice obligations
• Data handling requirements
• Data privacy obligations
To be GDPR “ready” a business must significantly expand its insight into its contracts:
• Identification of lead supervisory authority, and use of published, approved form of contract clauses [1]
• Expose potential liabilities
• Ensure real time access to contractual obligations for incident response readiness
Deep inventory of contracts provides a baseline for comprehensive GDPR insight
10M+ Number of contracts
72 Repositories storing contracts
8 Unsearchable and non-digital formats
Contracts containing data privacy provisions
Fast and Repeatable Automated Contract Classification Speeds Analysis, Scoring and Insights
Contract Analysis Pinpoints and Extracts Relevant Clauses
CLASSIFY CONTRACTS
• Templates
• Content
Which contracts vary from the standard templates?
Which contracts address data security and privacy laws?
Which contracts have a data processing addendum?
4 GDPR topics relevant to vendor management [2]
58% 1M+
GDPR relevant clauses in contracts
Contracts relevant to GDPR
Actionable Insights
REMEDIATION
• Sync data for vendor visibility and management
• Incident response
What are the top 10 non-compliant topic areas?
Which vendors have the most non-compliant contracts?
Which contracts are pertinent following an incident?
50 Provisions now being tracked and analyzed for GDPR
5 7
Real-time incident response analysis reports
Monthly GDPR preparative reports
Contract Scoring Organizes and Prioritizes Contracts For Remediation
CONTRACT SCORING
• Major topics
• Key elements
How many GDPR topics are addressed in the contract?
Does the contract include all necessary data processing terms and instructions?
Does the contract include all necessary liability terms, including indemnities?
32% Meet the gold standard
53% 41%
Relevant contracts requiring minor amendment
Relevant contracts requiring major amendment
24 Number of gold standard clauses
75% 22% 15%
Seal Inquiry response time: INSTANT QUERY RESPONSE
Time required for Seal to extract clauses: 6 HOURS, 200K* CLAUSES
GDPR INSIGHT™
AUTOMATING CONTRACT COMPLIANCE AND INCIDENT READINESS
Dovetailing contract discovery, active machine learning, and contract analytics with GDPR specific regulatory requirements provides actionable
insights, GDPR readiness and incident response reporting.
To learn more contact us at: www.seal-software.com
© Copyright 2017 | Seal Software Group Confidential and Proprietary
Contracts that vary from templates
Contracts containing data security
provisions
SAVING TIME AND MONEY, WHILE IMPROVING CONSISTENCY AND COVERAGE
ENSURING CONTRACTS ARE GDPR COMPLIANT AND READY
• Identify and collect all contracts, across all repositories, in any format
• Automate the categorization, clause analysis and scoring process
• Connecting contract data with spend management to uncover risk and ROI opportunities.
• Find and compare relevant clauses to the gold standard
• Simplify and accelerate the remediation process
• Ask and get insightful answers to the tough questions – fast
CONTRACT ANALYSIS
• Identify GDPR topics
• Extract clauses meta data
FIND CONTRACTS
• All locations
• Any format
Clause Comparison Against Gold Standard Language Flags Compliance Gaps
CLAUSE COMPARISON
• Identify non-compliant clauses
• Inventory missing clauses
Which contract clauses match the gold standard clauses?
What are the relevant non-standard clauses?
What are the relevant clauses found in HR department contracts?
How many contracts exist? Where are they? How to centralize them for review?
Are there any non-English contracts?
Are all the contracts searchable? Are they normalized for analysis?
Which data transfer clause is used in each contract?
Which clauses cover data response obligations?
Which clauses address sub-contracting of data processing?
Article 28(1)-(3): Processor obligations
Article 24(1): Controllers
Article 29: Processing under the authority of the controller or processor
Article 46(1): Transfer subject to appropriate safeguards
*Actual performance may vary depending on configuration and content