by Matt Miller
If you’ve spent any time with the Apogee Legal or Seal Software teams over the last couple of months, you’ve heard a lot about the GDPR Insight Analytic Pack.
From our respective social media feeds, to the Seal Insight Conference presentations in New York, San Francisco and London, and most recently our joint webinar this past Friday morning, our teams have spent a significant amount of time explaining how GDPR Insight will give corporations a better way to efficiently evaluate compliance with the impending May 2018 GDPR enforcement deadline.
During this process, the Apogee and Seal teams have received great follow-up questions on points that we have not had time to address in the confines of a one-hour presentation. In advance of our next webinar on Monday, October 30th, we thought it made sense to address some of these FAQs and provide additional visibility into how GDPR Insight can plug into a variety of GDPR processes and workflows:
Why do I need this if I’m going to just issue blanket amendments?
Blanket amendments are always a possibility for large compliance projects. However, in our experience they work for only a fraction of your total contract population. Most vendors of size will not accept or negotiate blanket, general amendments. And with the potential scope of GDPR penalties and fines, we are already seeing substantial pushback from even small to midsize companies. Resistant parties usually will require narrowly crafted changes to existing terms & conditions that are minimally necessary to achieve compliance. GDPR Insight gives you line of sight into the scope of compliance shortcomings in each contract, allowing you to prioritize contracts for amendment and to customize the content of the amendments required.
We’re not an “EU business,” why do I care about GDPR?
Businesses domiciled or with substantial operations in the EU clearly recognize the need to comply with the GDPR. But what surprises many companies without direct operations in the EU is that they too can be subject to the GDPR. Here’s how.
Under legacy regulations, the definitions of “personally identifiable information” were limited in scope (credit information, etc.); however, under the new regulation, the collection of any of a much broader set of information will trigger GDPR compliance. Examples of that broader set of data can include: IP addresses, cookies, location data, and any information collected to facilitate or indicate “the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
If I put my contracts through GDPR Insight, will it tell me which ones are compliant and which ones aren’t?
Every company has its own standards for what constitutes “GDPR compliance.” As part of the GDPR Insight service delivery process, our teams take the output of the GDPR Insight analysis and generate both executive-level reports and contract-level “scorecards.” Our reports and scorecards provide visibility, both on a contract-by-contract basis and across your contract population, into whether and how your agreements address critical GDPR topics and whether the contracts meet your specific compliance standards.
Can you customize GDPR Insight based on specific client requirements?
Absolutely. In fact, as part of each install, we train GDPR Insight to recognize client templates and template clauses, and we tune our existing analytics for optimal performance within the client’s data set. Once we have taken this step, GDPR Insight can immediately determine whether a contract is based on a standard client template and whether material template clauses have been amended. More importantly, to the extent a client has additional requirements beyond the scope of Apogee’s pre-built analytics, Apogee can leverage the power of the Seal platform to quickly develop and deploy supplemental analytics that function seamlessly with the remainder of GDPR Insight.
Do you have any metrics on savings compared to manual review and data scrubbing?
At the enterprise level, reviewing an entire collection of contracts commonly takes large teams of professionals months to complete. GDPR Insight can be installed, tuned and deployed in a matter of weeks, not months, providing timely visibility into your population.
At the individual document level, a typical manual scrub of a contract for GDPR compliance purposes can take anywhere from 30 minutes to two hours to execute (with a corresponding cost of up to hundreds of dollars). By comparison, GDPR Insight can, within minutes, determine whether up to 100 critical data protection points have been addressed in an agreement. Analyzing a contract with the assistance of GDPR Insight typically reduces the review labor costs by more than 50%.
We are an existing Seal customer, how complex is it to install GDPR Insight on our system?
GDPR Insight is built on the Seal platform and the entire analytic pack can be imported and activated in a few hours. Following activation, Apogee will “tune” the pack to recognize your template documents and to ensure overall efficacy. We also will install a “playbook” view to correspond to your review requirements and assist you in developing your custom reports and scorecards (we have plenty of recommendations). This entire process usually takes a couple of weeks. A quick note – do you want to know which of your contracts address data protection laws and the specific laws that are addressed? Do you want to know which contracts contain or omit the requirement to give you notice in the event of a security incident? We can give you the answers to those questions in minutes.
We are not Seal customers, do we need to install Seal to use GDPR Insight?
GDPR Insight is built on the Seal platform, leveraging its powerful array of custom analytic capabilities. If you’re not a Seal customer, there are three ways to leverage Seal and GDPR Insight for your data protection analysis: 1) Apogee hosts Seal environments for some of the world’s most security-conscious organizations and can have you up and running in your own environment in a snap, 2) Seal also hosts secure environments for a range of global organizations and will deploy GDPR Insight on your behalf, and 3) you can license Seal directly and install the application, and its full range of capabilities, behind your firewall.
How can I take a deeper dive into GDPR Insight and its capabilities?
You have a couple of additional options. We would love for you to attend our final GDPR Insight webinar, for which you can register here, or you can reach out to our respective teams directly at email@example.com or firstname.lastname@example.org. You also can read our short whitepaper on GDPR Insight here. Finally, stay tuned for updates on the Apogee and Seal blogs, which you can find here and here.
We look forward to receiving and addressing more good feedback and questions as we roll out GDPR Insight.