5 reasons why you need a real contract management solution

With the EU General Data Protection Regulation (GDPR) enforcement deadline coming up in May 2018, being GDPR compliant is more relevant than ever. That also goes for dealing with your business contracts.

Here are five reasons why:

Keep track of each and every contract in the company
Avoid sensitive contracts residing in your (and other people’s) email inbox
Be in control of who can access and use your business contracts
Know when to renew a contract — and when to delete it
Meet your business responsibilities — also in relation to GDPR

Keep track of each and every contract in the company

Let me take a wild guess. You use emails as a major part of your business communication — also when it concerns contracts. Am I right? Emails sent between your company staff and maybe even external parties — maybe a contract counterpart or a legal counsellor.
Contracts are handled by internal staff and external parties
You exchange contract drafts or your internal notes and commercial requirements over email. Add to that the dialogue — still by email — about the actual contract contents and review comments back and forth from each involved person.

At some point, the final contract is sent from the legal counsellor to you. By email. How many incoming and outgoing emails did you count by now? I lost count.

Imagine being able to do all that from within a central contract management system without losing track on contract changes, amendments, review notes and comments.

You can. But it takes a real contract management system that supports the entire contract review process — both for internal and external users.


Avoid sensitive contracts residing in your (and other people’s) email inbox

You recruit new staff. Receiving job applications and resumés often takes place over email. You most likely share this information with HR team members or hiring managers.


GDPR requires you to restrict access to those with real need

According to GDPR, job applications and resumés are personal data and access must be restricted to include only those who need it — and deleted again, once no longer required.

Do you (and everyone else who was involved) remember to delete all this information from your inbox and local file directory after the recruitment process has ended? Most likely not, would be my best guess.

Again, a real contract management system would help you comply with GDPR — and ensure that sensitive personal data would only be accessible by those who need it, and deleted once no longer required.


Be in control of who can access and use your business contracts

Do you keep your business contracts in paper or digital form — or both? Where do you store them? Who can access them? Who did access them? Is your business in control of all this? Or, do your contracts reside in a filing cabinet or open network drive where everyone can access them?
GDPR requires you to document who can see what
According to GDPR, you must document who can access documents and contracts containing personal data and why. And, you have an obligation to report to the national data protection authorities — within 72 hours — if someone gains illegitimate access to personal data.
Are you able to do that today? If not, you may need a contract management system to assist you.

Know when to renew a contract — and when to delete it

According to GDPR, legitimate processing of a document or contract containing personal data requires that at least one of the following is valid:
  • Able to uphold the contract to which the data subject is party
  • Able to comply with legal obligation
  • Able to protect vital interests
  • Able to carry out a task in the public interest
  • Able to pursue other legitimate interests, unless fundamental rights or freedoms override it
GDPR requires you to get rid of obsolete contracts in due time
An expired contract may be renewed with the consent (e.g. signature) of the contracting counterpart. If no consent is obtained from the data subject, you comply with another legal obligation in order to keep a copy, else it must be deleted. Note that national or international legislation (e.g. accounting law) may take precedence over the GDPR.
A contract management system can help you define the policies of persistent data and records management for meeting legal and business data archival requirements. With Retention Policies in place you can define both how long, and why, a contract must be persisted as well as the destiny of the contract after the retention period ends — processed in a workflow or automatically deleted. And, in compliance with GDPR.

Meet your business responsibilities — also in relation to GDPR

As a business owner you need to be familiar with national and international legislation e.g. when it comes to real estate, employment and tenancy, company law, disputes, generational change, etc. Most small and medium sized enterprises (SME’s) do not have legal counsels on their payroll, and therefore often seek counselling and legal advice from external law firms.
Often you'll need the advice of experts
Legal counsellors are often involved in contract reviews, new contract designs, creation of contract templates, counselling in contract negotiations, and many other areas.
Using a document and contract management solution can ease the burden you meet when dealing with external counsellors. We call it Next Contracts 360.
Would you like to know more on how a contract management system could help you dealing with your contracts or becoming GDPR compliant? Then feel free to contact us today.

Steen Munksgaard 
Product Manager and GDPR specialist


All blog posts