Loading...
 
 

IACCM Contract Management Forum

« view all forum posts
Anonymous
2018-06-23 10:10:05

GDPR and its impact on contract terms and conditions

Hi there,

My company has recently adopted the necessary measures to meet the new GDPR requirements effective in May 2018 by amending its contracts with our suppliers (the processors) responsible to manage/process data on my company's behalf.

My question is, do my company need to amend its contract templates for other services and delivery of goods to outline that my company adopts the GDPR requirements in relation to data protection? My company when engaging with suppliers ask for the suppliers' representative details (including passport details) for due diligence verification and this has got me concern as some of the suppliers representatives are from the UE. However, the articles I read about GDPR emphasised the contracts re data processing must abide the new GDPR, that is, contracts between 'controller' and 'processor', but it lacks information on whether any other type of contract must have new clauses to address the GDPR.

Thanks
 
 •  IACCM  •   2018-06-27 21:52:38
Given you are talking about actually processing personal data (suppliers' reps details), if this falls under the GDPR then it would be prudent to update the contracts to that effect (See Art 3 of the GDPR for full territorial scope, but this could mean a company based in the EU or processing data from EU individuals or companies). I believe the first step is reaching out to your Legal team and DPO and get an assessment specific to your business operations and identify the cases where you qualify as a data processor or controller. As a general approach, according to Art. 5 of the GDPR, you need to inform the individuals about collecting and processing their data, as well as the purpose of the data processing. Direct consent could also be required (see Art 7). If your organisation has already implemented the processes to comply with the GDPR, it would only be a matter of including it in the contracts or working with localised templates (i.e. include it only for your company's OUs or suppliers based in the EU).
Best regards,
Pablo Cilotta
 
 
Replies: 1
 
Filter by category
 
Process
 
Operations & Capabilities
 
Organization & People
 
Strategy & Management Tools
Networks