IACCM Contract Management Forum

« view all forum posts

SAAB Dynamics AB
2019-06-27 07:32:09

Management of PoC in agreements in relation to GDPR

I have recevied a NDA where the counterparty has not included a Point of Contact (PoC) - NDA's previously received from this party always stated a PoC. They say that the General Data Protection Regulation (GDPR) prohibits them to specify a contact person in their agreements. One can only refer to a title and/or funtion. Within my organization we always state one or more PoC's as this person(s) are the ones handling any information that is classified as confidential.

Has anyone discussed this issue within your organization? If so - what is your view on it?
And if there is no PoC in the agreement - how can you make sure that the confidential information is handled in a proper manner?
 •  World Commerce & Contracting  •   2019-06-27 13:50:43
Did you go back to them and ask whether their legal team or business team came up with that rule? Because it sounds more like a business decision rather than complying with the GDPR.

In other words, they don't want to have to change the document every time there is turnover in the company and the contact changes.

If they won't name names at a lower level, then the security can be handled in a different way, for example, company leadership itself could be held accountable for confidentiality and security.
Replies: 1
Filter by category
Operations & Capabilities
Organization & People
Strategy & Management Tools