Seal Software - GDPR INSIGHT · 2019-02-28



FORTUNE 500 COMPANY CONTRACT PROFILE

1. Bird & Bird Guide to the General Data Protection Regulation, May 2017

2. A strategic approach to vendor-management under GDPR, Feb 28, 2017, iapp.org, Alexandra Ross, Senior Global Privacy and Data Security Counsel, CIPP/E, CIPP/US, CIPM, FIP

All other stats sourced through Seal Software and Apogee Legal


GDPR INSIGHT™

DETERMINING IF CONTRACTS ARE GDPR COMPLIANT AND INCIDENT READY

GDPR “COMPLIANT” CONTRACTS ARE ADEQUATE UNTIL AN INCIDENT

GDPR “READY” CONTRACTS PREPARE A BUSINESS FOR INCIDENTS

To be GDPR “compliant” a business must assay that its contracts meet a minimum set of requirements

• Data transfer requirements
• Notice obligations
• Data handling requirements
• Data privacy obligations

To be GDPR “ready” a business must significantly expand its insight into its contracts

• Identification of lead supervisory authority, and use of published, approved form of contract clauses [1]
• Expose potential liabilities
• Ensure real time access to contractual obligations for incident response readiness

Deep inventory of contracts provides a baseline for comprehensive GDPR insight

10M+ Number of Contracts

72 Repositories storing contracts

8 Unsearchable and non-digital formats

Contracts containing data privacy provisions

Fast and Repeatable Automated Contract Classification Speeds Analysis, Scoring and Insights

Contract Analysis Pinpoints and Extracts Relevant Clauses


CLASSIFY CONTRACTS

• Templates
• Content

Which contracts vary from the standard templates?

Which contracts address data security and privacy laws?

Which contracts have a data processing addendum?

4 GDPR topics relevant to vendor management [2]

58% Contracts relevant to GDPR

1M+ GDPR relevant clauses in contracts

Actionable Insights

REMEDIATION

• Sync data for vendor visibility and management
• Incident response

What are the top 10 non-compliant topic areas?

Which vendors have the most non-compliant contracts?

Which contracts are pertinent following an incident?

50 Provisions now being tracked and analyzed for GDPR

5 7

Real-time incident response analysis reports

Monthly GDPR preparative reports

Contract Scoring Organizes and Prioritizes Contracts For Remediation

CONTRACT SCORING

• Major topics
• Key elements

How many GDPR topics are addressed in the contract?

Does the contract include all necessary data processing terms and instructions?

Does the contract include all necessary liability terms, including indemnities?

32% Meet the gold standard

53% 41%

Relevant contracts requiring minor amendment

Relevant contracts requiring major amendment

24 Number of gold standard clauses

6 200K*

75% 22% 15%

Seal Inquiry response time

Time required for Seal to extract clauses

HOURS

CLAUSES

INSTANT QUERY RESPONSE

GDPR INSIGHT™

AUTOMATING CONTRACT COMPLIANCE AND INCIDENT READINESS

Dovetailing contract discovery, active machine learning, and contract analytics with GDPR-specific regulatory requirements provides actionable insights, GDPR readiness and incident response reporting.

To learn more contact us at: www.seal-software.com

© Copyright 2017 | Seal Software Group Confidential and Proprietary

Contracts that vary from templates

Contracts containing data security provisions

SAVING TIME AND MONEY, WHILE IMPROVING CONSISTENCY AND COVERAGE

ENSURING CONTRACTS ARE GDPR COMPLIANT AND READY

• Identify and collect all contracts, across all repositories, in any format
• Automate the categorization, clause analysis and scoring process
• Connect contract data with spend management to uncover risk and ROI opportunities
• Find and compare relevant clauses to the gold standard
• Simplify and accelerate the remediation process
• Ask and get insightful answers to the tough questions – fast

CONTRACT ANALYSIS

• Identify GDPR topics
• Extract clauses meta data


FIND CONTRACTS

• All locations
• Any Format


Clause Comparison Against Gold Standard Language Flags Compliance Gaps

CLAUSE COMPARISON

• Identify non-compliant clauses
• Inventory missing clauses

Which contract clauses match the gold standard clauses?

What are the relevant non-standard clauses?

What are the relevant clauses found in HR department contracts?

How many contracts exist? Where are they? How to centralize them for review?

Are there any non-English contracts?

Are all the contracts searchable? Are they normalized for analysis?


Which data transfer clause is used in each contract?

Which clauses cover data response obligations?

Which clauses address sub-contracting of data processing?

Article 28(1)-(3): Processor obligations

Article 24(1): Controllers

Article 29: Processing under the authority of the controller or processor

Article 46(1): Transfer subject to appropriate safeguards


*Actual performance may vary depending on configuration and content