GDPR in Europe: What it Means for In-House Counsel

By Chris Combs


Legislative rules and regulations have been in place for years to ensure businesses effectively manage and protect consumers’ personally identifiable information (PII). This information can include everything from healthcare information to passport information as well as banking and credit card information.

Globally speaking, these rules and regulations have been hit and miss, varying widely and often being inconsistent.

In recent years, however, companies and governments have begun to store more personal data, requiring all of us to rethink what the absolute requirements for data protection should be. This has been the catalyst for the new General Data Protection Regulation, or GDPR, laws that were recently set to be enacted in Europe.

What is GDPR Exactly?

General Data Protection Regulation or GDPR is a comprehensive set of new rules that mandate how PII data must be managed not only for European companies, but for any company doing business in Europe or with European customers. The mandate, which was adopted in April of 2016, becomes enforceable on May 25, 2018.

While GDPR covers many aspects of managing and processing PII, one of the biggest roles in compliance will be the tracking, extraction and analysis of data within European contract agreements. Here are three specific areas where you can expect contract data to play a big role moving forward:

  1. Data Breach Obligations

It will become even more imperative that team members understand the ramifications of and obligations for data breaches, specifically the obligations around customer notification indicated within contracts. Having this information at your fingertips in a moment of crisis is the first step in complying with GDPR requirements.

  2. Confirming Contractual Agreements

You will need to confirm contractual agreements with data processors and other third-party vendors that may come into contact with PII and other critical corporate information. Your team will likely need to do some legal review to ensure the appropriate clauses have been identified and still meet compliance requirements. Some privacy clauses may need to be rewritten or renegotiated if they are not compliant with GDPR. Make sure your team has legal review technology to accomplish this efficiently.

  3. Dark Data

If only PII were always perfectly noted in key areas of contracts, tracking this information would be much easier. Unfortunately, PII tends to sometimes be hidden within contract agreement fine print. This becomes a very risky situation when the information, sometimes called "dark data," is hidden in unstructured contracts that are simply unsearchable.

What Does This Mean for Your Company Contracts?

Well, it means if you work in Europe or do business with Europeans, you had better be prepared for these new regulations that are officially landing in two months. Penalties for non-compliance are harsh. Fines can be as much as 20,000,000 Euros (over 21 million in US dollars) or 4% of annual revenues, depending on the offense.

One of the first steps to take in preparation is to get all of your privacy policies, procedures and documentation in order, and to keep them organized and always up to date. The Data Protection Authorities can ask to see them at any time.

Beyond this, here are a few more things your business should do to prepare for GDPR:

  • If your organization has over 250 employees, you will need to appoint a data protection officer who will act as the point person for all data protection activities.
  • Check to see if your privacy policies need to be re-written. The new guidelines require that they be written in plain ol’ English.
  • How will you handle data subject and data deletion requests? You’ll need to ensure you have processes and procedures in place to do so.

And finally, you’ll need to make sure all of your unsearchable contract documents are converted into a searchable format so that PII and other dark data can easily be found. LinkSquares layers on powerful search technology to help companies easily track and extract data, ensuring GDPR compliance.

If you’re not ready for GDPR or other potential compliance issues around contracts, get in touch with us today. We’ll help you minimize legal risk, stay compliant and cut legal review costs.
