General Data Protection Regulation (GDPR)
Contract management framework
Identifying, collecting, and analyzing contracts and managing and negotiating GDPR contract amendments can be burdensome and expensive for organizations whose contracting resources are already stretched to the limit. Deloitte’s GDPR contract management framework can help organizations comply with the GDPR while enabling the contracting teams to focus on meeting the organization’s demanding business circumstances.
Our three-phased framework for GDPR
The GDPR (effective May 25, 2018) imposes new privacy compliance obligations on organizations and their ecosystems. The GDPR supersedes the EU Data Protection Directive (the “Directive,” implemented October 24, 1998). Organizations that have agreements with suppliers and service providers that comply with the Directive may need to update those agreements to comply with the GDPR. Additionally, organizations that were not subject to the Directive may now be subject to the GDPR.
Our three-phased framework provides a flexible and scalable approach designed to assist clients in their GDPR contracting compliance efforts. Phase one involves project planning, contract collection, and contract data hosting. Phase two is the contract analysis phase. Phase three involves assistance in amendment processing and negotiation.
Phase one: Planning, collection, hosting
We will work with you to identify your contract universe. Some organizations have centralized contract management systems, while other organizations have decentralized contract repositories. Whatever the state of your organization, we have the resources to adapt to your environment to provide assistance in identifying and collecting your contracts. Once the contracts are identified and collected, we will create a review repository from which we will work with you to prioritize contracts for analysis and amendment.
Phase two: Contract analysis
After the contract review repository is created, we will use artificial intelligence (AI) and machine learning algorithms to parse contract terms in an effort to identify contracts that may need to be amended. By using AI, we are able to identify the contracts that may need to be amended more rapidly than human reviewers can. Additionally, the algorithms “learn” what contract terms are privacy-related in a manner that is often more effective and efficient than text searching.
Phase three: Amendment processing and assistance
After the contracts and applicable privacy language are identified, we will assist you in the management of the amendment processing, transmitting client-approved amendments to your suppliers and service providers, and managing the workflow related to the executed amendments. If requested, we can also augment your contracting team to assist in the amendment process with your suppliers and service providers, using client-provided GDPR contract language and escalation guidelines.
Additional services and potential benefits
If your organization has not yet implemented a contract management system, we can assist you in migrating contracts and data into a system of your choice. Alternatively, you can consider a Deloitte-hosted contract management system for these contracts.