I'm just trying to understand your position.
Considering that you are managing all contractual relationship with another company (buy and sell side) sounds actually good from your company perspective. It would mean, that your leadership can expect you to have a full overview about the contractually back and forth with this JF. Therefore I assume it's hard to change the mind of your leadership, since I would expect them to see your doublerole as positive.
However on the other side, there is your personal position, meaning being something in the middle of a sandwich, right? I'm not sure about your empowerment, but in worst case you have also very limited authority to change some company rules (discounts, penalties, payment conditions, acceptance criteria etc.). And on buy side you usually have different contractual expectation than on sell side. I assume, this is the tricky part in your situation. Fulfilling the internal requirements for buy- and sell side with the same contractual partner at the same time (and maybe also your partner asks you if you are a bit crazy, since requesting sooo different contracts when you are either on sell side or on buy side).
When the conditions your company expect in contracts are very different on sell side and buy side, this should be communicated as an issue (to your leadership). I think there are 2 options as solution: either the requested second CM as you suggest, or an escalation to the leadership to align clear buy and sell conditions between your company and the JF, which are equal to both parties. such framework conditions would make at least your position more clear. And maybe there won't be anymore need of a split of the CM roles buy side and sell side?
Since I couldn't find many information in your post, I hope, this is somehow helpful?
If your uncomfortable position has other reasons, please let me know.
• Omaha Public Power District
I probably would start collecting facts: Firstly, establish the relationship between Your Company ("Y Company") and Company X ("X Company") by looking at any specific, written agreement about the services ("X and Y Services"). Also, establish clarity around (1) Y Company's services to be provided to X Company, and (2) X Company's services to be provided to Y Company. At this point, are there any conflicts that you can see/anticipate in your ability as the Contract Manager during the provision of X and Y Services, that perhaps could result in non-performance or non-compliance? Also, how do you escalate and cure any issues of non-performance (for example)? Secondly, I would review the files documenting any legal review, if any, prior to said agreement being reviewed for signature/execution. Were there any concerns that were raised and eventually resolved (internally)? AT the very least, you could start with the resource allocation -- that is, regarding your time management and how to better allocate your skills - in developing your case. Hope this helps. Regards ~ Rose
Just in case you still need a few other pointers, consider the following:
One thing sales people understand is numbers so approach it from an accounting point of view. Since the contract is void, consider discussing the fact they will not be able to meet all the GAAP principles for revenue recognition and if your accounts folk are diligent they probably will back you up ( but run this by them - accounts - first. Companies interpret or apply GAAP revenue recognition differently ).
Since Company X no longer exists and as such has no contracting capacity, it cant assign/novate the contract which will impact collectability should the New Company choose not to follow through with what it has implied it would do re: payment
If you are required to create a new agreement using the same or similar terms and conditions, consider preparing a risk assessment analysis of the contract and let the stakeholders approve the risk they are taking on by utilizing the same Ts & Cs so everyone is on the same page. Whatever discussions or approvals were obtained for the former Company should not apply to the New Company.
Given you are talking about actually processing personal data (suppliers' reps details), if this falls under the GDPR then it would be prudent to update the contracts to that effect (See Art 3 of the GDPR for full territorial scope, but this could mean a company based in the EU or processing data from EU individuals or companies). I believe the first step is reaching out to your Legal team and DPO and get an assessment specific to your business operations and identify the cases where you qualify as a data processor or controller. As a general approach, according to Art. 5 of the GDPR, you need to inform the individuals about collecting and processing their data, as well as the purpose of the data processing. Direct consent could also be required (see Art 7). If your organisation has already implemented the processes to comply with the GDPR, it would only be a matter of including it in the contracts or working with localised templates (i.e. include it only for your company's OUs or suppliers based in the EU).
Hi there. I have submitted and forwarded your question to Daniela Badescu, who is the practitioner in charge of the IACCM Community of Interest "Data Privacy and Data protection", and who has recently delivered a webinar on GDPR. Daniela will be back to you on this. Thanks
• Willis Towers Watson
This is a very interesting point. Thank you for raising the question.
As all is still new with GDPR, it's hard to say what the actual practice is.
One aspect to consider is that the administrative fines are tiered, with the first being up to 2% of the turnover or 10M Eur (whichever is higher) and the second tier up to 4% or 20M Eur (whichever is higher).
Let's assume a consultant provides a set of recommendations and implementation guidelines. GDPR consultants could argue that following that advice is the company's business decision and that applying and maintaining the processes to remain compliant is the company's responsibility.
Also, holding a consultant liable for up to 4% of their customer's turnover may be more than what they can/are willing to cover. Ie. assume an organisation has 10M EUR turnover - this mean the consultant's liability would be up to 400,000 EUR. How does this measure against the consulting fee?
To set up a liability coverage, I believe it may make sense to look at fines in the context of specific contractual obligations and see if based on that, the fines qualify as direct or consequential damages.
It may be different for contracts where there is a continuous service to design, maintain and review the GDPR related processes. Still, the level of liability remains subject to negotiation and I would rather expect it to be tied to the actual contract value and not on fines or other operational costs that may result from non-compliance.
What type of contracts are you looking at? It would be great if you can share what you have seen.
thank you for your kind response!
It seems it is becoming practice for companies seeking GDPR consultants to require liability for administrative fines and related costs incurred.
You have asked about the contracts, these are service/consulting contracts between GDPR consultant and SME company (client) which intends to source out the GDPR management/compliance to an external consultant. The services would typically include investigation of readiness for GDPR, preparation of guidelines the company should comply with with regards to GDPR, impact assessment and gap analysis.. The value of such contracts is a fraction of the administrative fines which might be implied upon the client by the authorities in case of GDPR breach. GDPR consultants who refuse to accept full liability for the administrative fines often loose their opportunities and clients.
I do not fully understand your paragraph on direct and consequential damages. Could you please kindly explain?
Thank you again for your time and help.
• NISSAN Europe (Alliance Renault)
Please share any market trends regarding "super caps" instead of unlimited liability in case of data and/or security breaches for SAAS, PAAS and IAAS contracts, Thanking you in advance, Hubert
Hubert - this wasn't SaaS, PaaS, IaaS specific - but on most recent contracts relating to ICT managed services I've worked on (network and apps support) customer took an approach of requesting unlimited liability, then relaxing back to super cap between £15 - £25m (depending on bargaining power).
Well, WILLFUL MISCONDUCT is clearly a breach of the agreement. Almost all of the contracts includes "The Contractor shall discharge its obligations in accordance with good industry practice" clause..
Willful misconduct clearly violates that, and i believe unless the Contract has such provision, the party cannot levy any kind of damages on the defaulting party.
Though the affected party by notice may ask for the substantial explanation of the defaulting party in this regard.
In case the affected party is the Authority, He may always holds the right to terminate the default party at any phase of the project.
Hope this helps.
• Bell Gully
Hi there, it depends on what legal jurisdiction you are operating in. In some jurisdictions "wilful misconduct" will have an established legal meaning. In others where it doesn't (including mine) it is actually sensible to flesh out the concept in your contract in order to (attempt to) mitigate any future uncertainty. These formulations will usually reference the party's intention, i.e., the party in question intended to commit the act or omission in question and knew/should have known that it was going to cause the other party to incur the loss. This is different from negligence (obviously) where you only have to show a duty of care. Whether your claim is for wilful misconduct or negligence, you will have still have to take the concept/test and "fit" it to the facts. Unfortunately it's never a binary kind of test.
As with any claim in tort you will then have to show causation i.e., (the wilful misconduct caused your loss) and that the loss wasn't too remote/excluded, e.g., if the other party excluded its liability for loss of revenue/profits and your loss = loss of revenue then you won't be able to claim damages. (Although it is actually pretty common for suppliers to agree that any liability caps/exclusions won't apply in the case of wilful misconduct).