GDPR register - Weagree

Comply with GDPR automatically

For many organisations, complying strictly with data protection regulations is challenging. Maintaining your GDPR register and complying with the GDPR and other national privacy legislation has many aspects. Weagree enables you to comply with all GDPR requirements (or equivalent data protection legislation). The Weagree CLM and entity management provide you with all GDPR-required functionality.

Weagree’s GDPR-enforcing features include:

  1. Weagree CLM is your GDPR register
  2. Data retention periods are enforced automatically
  3. Data integrity protection against data loss
  4. Managing user access rights is easy
  5. Information classification supported
  6. Strong security measures

Note that neither Weagree nor your integrator-service provider can access your data unless you have specifically granted access, and then only for as long as you have granted such access. You do not want any outsiders to curiously look into your affairs – we take your privacy and confidentiality concerns seriously.

Weagree as GDPR register

If you want, Weagree CLM is your complete GDPR register. Weagree’s CLM-integrated GDPR register enables a data protection officer (DPO) or corporate information security officer (CISO) to:

  • keep the GDPR register automatically up to date,
  • act promptly upon discovering a data breach or receiving a request made by a ‘data subject’, and
  • create mailing lists of all data protection officers and security officers throughout the supply chain and sales channels.

Weagree’s CLM configuration options also prevent unnecessary data breach notices and give one-click insight into your required course of action. Moreover, Weagree’s GDPR register automatically stays up to date as end-users work with Weagree’s CLM.

The Weagree CLM comes with a template for your GDPR register, but if more granular data or insights are needed, the flexibility to adjust it to your needs is there. If you are a data controller (managing your own business’s personal data), GDPR article 30 requires that your GDPR register contains:

  1. The details of your legal entity (jointly) controlling certain personal data (incl. the in-house legal counsel and the responsible DPO for that legal entity).
  2. The purposes of the processing.
  3. A description of the categories of data subjects and of the categories of personal data.
  4. The categories of recipients to whom the personal data have been or will be disclosed including recipients in third countries or international organisations.
  5. If applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation and documentation of safeguards (see second subparagraph of GDPR article 49(1)).
  6. Envisaged data retention periods for erasing the various categories of data.
  7. If applicable, descriptions of the internal technical and organisational security measures (GDPR article 32(1)).

Where your organisation processes data on behalf of third parties, Weagree’s CLM supports your compliance with data protection laws by also recording, per such third party, the categories of data processing activities, as well as the further details that GDPR articles 30(2), 49(1) and 32(1) may require.

Obviously, signed DPAs (data processing agreements) can be saved and managed in the Weagree CLM repository alongside the underlying contract with that counterparty. But you may as well store them in the entity management for that supplier, customer or partner (as you may know, Weagree’s entity management can be used for both ‘own entities’ and ‘other parties’).

Weagree’s GDPR register enables you to implement GDPR registrations consistently and to monitor all GDPR-governed activities across your entire organization. To make this easier, you can define the relevant GDPR-parameters in a so-called ‘global CLM block’ and reuse this CLM block in each CLM contract sheet. Configuring your CLM has never been as easy as with Weagree.

Data retention

…enforced automatically

It is a challenge to comply with data retention periods:

  • If information and personal data are not retained long enough, you might have problems with local authorities
  • If personal data are retained too long, your organization is not only in violation of GDPR but also the risk of data leaks increases

The Weagree Wizard will take care of compliance with the data retention periods you define: automatic deletion of (personal and contract) data can be defined granularly, differentiating by contract stage (precontractual vs. post-termination), type of data subject (legal entities vs. individuals) and their functions or roles (contact persons vs. end-users):

  • Draft contracts (unsigned contracts)
  • CLM-managed (signed) contracts – for each CLM contract sheet as well as for each individual contract, a different retention period may be defined
  • Other parties’ details (suppliers, customers, partners), differentiating for legal entities vs. individuals
  • Your legal entities’ officers
  • Individuals’ ID or personal documents – automated deletion of officers’ copy-passport or other IDs
  • Deactivated Weagree users

In addition to the above automated enforcement of data retention periods, it is possible to automatically remove the user names from draft contracts after a lapse of time. At some stage, for example after seven or ten years, the identified ‘owner’ of a contract entry probably does not matter anymore. At that point the owner can be removed while the contract itself remains accessible.

Data integrity

Weagree preserves data integrity and prevents fraudulent or careless data removal

The Weagree Wizard contains adequate protection measures to prevent inadvertent, negligent or intentional (fraudulent) deletion of any contract, contract data, legal entities or persons involved. Any deleted data can be recovered from the admin recycle bin for as long as it has not been deleted permanently. You configure yourself what period applies between deletion by a user and permanent deletion.
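The retention rules described in the data retention section above (per-category periods, differentiated by contract stage and type of data subject, with per-contract overrides and late anonymisation of a draft's owner) and the recycle-bin grace period described in this paragraph combine into one retention job. The following Python is an added illustration of such a job, not Weagree's own code; the rule model, category names, sample records and the `SAMPLE_POLICY` periods are constructed for this example.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class RetentionRule:
    """One configured retention period; None for subject_type/stage means 'any'."""
    category: str                        # e.g. "draft_contract", "signed_contract", "other_party"
    retention_days: int                  # days after the reference date before deletion is due
    subject_type: Optional[str] = None   # "individual" or "legal_entity"
    stage: Optional[str] = None          # "precontractual", "active" or "post_termination"

    def matches(self, rec: "Record") -> bool:
        return (self.category == rec.category
                and self.subject_type in (None, rec.subject_type)
                and self.stage in (None, rec.stage))


@dataclass
class Record:
    record_id: str
    category: str
    reference_date: date                 # date the period is counted from (e.g. termination date)
    subject_type: Optional[str] = None
    stage: Optional[str] = None
    owner: Optional[str] = None          # user name of the entry's 'owner'
    retention_days: Optional[int] = None # per-record override of the sheet-level rule
    deleted_at: Optional[date] = None    # set while the record sits in the admin recycle bin


@dataclass(frozen=True)
class RetentionPolicy:
    rules: Tuple[RetentionRule, ...]     # checked in order: put the most specific rules first
    recycle_bin_days: int                # grace period between user deletion and permanent deletion
    owner_anonymise_days: int            # strip the owner name from drafts after this many days


# Constructed sample policy (assumed values, not a real configuration).
SAMPLE_POLICY = RetentionPolicy(
    rules=(
        RetentionRule("draft_contract", 365 * 15),
        RetentionRule("signed_contract", 365 * 10, stage="post_termination"),
        RetentionRule("other_party", 365 * 2, subject_type="individual"),
        RetentionRule("officer_id_document", 30),
        RetentionRule("deactivated_user", 90),
    ),
    recycle_bin_days=30,
    owner_anonymise_days=365 * 7,
)


def decide(rec: Record, policy: RetentionPolicy, today: date) -> str:
    """Return the action due for one record: retain, anonymise_owner, soft_delete, in_recycle_bin or purge."""
    if rec.deleted_at is not None:
        # Deleted by a user: purge only once the recycle-bin grace period has lapsed.
        if today - rec.deleted_at >= timedelta(days=policy.recycle_bin_days):
            return "purge"
        return "in_recycle_bin"
    days = rec.retention_days                      # an explicit per-record period wins
    if days is None:
        rule = next((r for r in policy.rules if r.matches(rec)), None)
        if rule is None:
            return "retain"                        # no rule configured: never delete silently
        days = rule.retention_days
    age = today - rec.reference_date
    if age >= timedelta(days=days):
        return "soft_delete"                       # moves the record to the recycle bin
    if rec.category == "draft_contract" and rec.owner and age >= timedelta(days=policy.owner_anonymise_days):
        return "anonymise_owner"                   # keep the draft, drop who owned it
    return "retain"


def run_retention(records: List[Record], policy: RetentionPolicy, today: date) -> Dict[str, str]:
    """Evaluate every record; applies soft deletes and anonymisation in place, returns {id: action}."""
    actions: Dict[str, str] = {}
    for rec in records:
        action = decide(rec, policy, today)
        actions[rec.record_id] = action
        if action == "soft_delete":
            rec.deleted_at = today
        elif action == "anonymise_owner":
            rec.owner = None
    return actions


def build_sample_records() -> List[Record]:
    """Constructed sample data; dates chosen so that each outcome occurs at least once."""
    return [
        Record("D-1", "draft_contract", date(2015, 6, 1), owner="alice"),
        Record("D-2", "draft_contract", date(2023, 1, 1), owner="bob"),
        Record("C-1", "signed_contract", date(2013, 1, 1), stage="post_termination"),
        Record("C-2", "signed_contract", date(2013, 1, 1), stage="post_termination", retention_days=365 * 20),
        Record("C-3", "signed_contract", date(2013, 1, 1), stage="active"),
        Record("P-1", "other_party", date(2010, 1, 1), subject_type="legal_entity"),
        Record("P-2", "other_party", date(2021, 1, 1), subject_type="individual"),
        Record("ID-1", "officer_id_document", date(2023, 12, 20)),
        Record("U-1", "deactivated_user", date(2023, 10, 1), deleted_at=date(2023, 11, 1)),
        Record("U-2", "deactivated_user", date(2023, 12, 1), deleted_at=date(2023, 12, 20)),
    ]


def demo(today: date = date(2024, 1, 1)) -> Dict[str, str]:
    return run_retention(build_sample_records(), SAMPLE_POLICY, today)
```

Two design points matter for a defender: a record with no matching rule is retained rather than deleted (a misconfigured rule set should never erase data by accident), and deletion is two-step, so an over-eager rule only moves data into the recycle bin and the configured grace period leaves time to recover it.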

Logging of user activity is a key aspect of ascertaining data integrity: that is why all actions by every end-user, anywhere in the Weagree Wizard, are logged, if only for ‘forensic purposes’. In respect of CLM-managed, signed contracts, every change to the CLM metadata is logged (authorised users can review the logging details).

Information classification

…managed well in Weagree CLM

While user access rights may grant broad access, not every contract should be visible to everyone. Weagree enables users to mark a contract as ‘confidential’ (or sensitive) and keep it out of sight of (and inaccessible for) colleagues.

At the same time, your organisation must remain able to know all its rights and obligations. Therefore, certain qualified users can be authorised to see which contracts are marked confidential and to access them.

In projects and transactions, it is possible to keep the contracting parties involved in the project or transaction invisible in Weagree’s CRM. Especially for super-confidential transactions (as seen in law firms), this is a powerful safeguard.

Data access rights

…well-managed

Of course, the visibility and accessibility of contracts and contract data across the organisation can be managed with Weagree’s user groups functionality.

But Weagree does not stop here: thanks to our enterprise-grade user management functionality, you can define as many user roles, user profiles and user groups as may be necessary, grant access rights, and enable end-users to use the functionalities they need in their role or position. The access rights and related AD groups can be managed through your Azure AD (synchronised when the user signs in via single sign-on (SSO)).

From an IT security perspective, you should be concerned about the external parties that may access your data. Good news: Weagree’s employees and third-party integrators cannot access your contracts or contract data indefinitely: you must give us and each of them access, and such access right expires after the period that you define for us or for them. For individual support, an end-user can also grant a Weagree integrator ad hoc (one-time) access for a short period.
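The access model described in this section (group-based rights per contract sheet, confidential contracts hidden from all but explicitly allowed or qualified users, and outside parties who only ever hold an explicit, expiring grant) can be expressed as one authorisation check. The Python below is an added example written for this page, not Weagree's code; the group names, sample users, contract sheets, the `MAX_EXTERNAL_GRANT` cap and the integrator account name are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Constructed sample directory: who is in which group, and what each group may do per contract sheet.
GROUP_MEMBERS: Dict[str, Set[str]] = {
    "legal": {"alice", "bob", "dora"},
    "sales_team": {"carol"},
}
GROUP_RIGHTS: Dict[str, Dict[str, FrozenSet[str]]] = {
    "legal": {"sales": frozenset({"read", "edit"}), "nda": frozenset({"read", "edit"})},
    "sales_team": {"sales": frozenset({"read"})},
}
CONFIDENTIAL_VIEWERS: Set[str] = {"dora"}   # qualified users who may see contracts marked confidential
MAX_EXTERNAL_GRANT = timedelta(days=14)     # assumed upper bound on ad hoc integrator access


@dataclass(frozen=True)
class Contract:
    contract_id: str
    sheet: str                                   # the CLM contract sheet the contract belongs to
    confidential: bool = False
    allowed_users: FrozenSet[str] = frozenset()  # users explicitly allowed on a confidential contract


@dataclass(frozen=True)
class ExternalGrant:
    """Access for an outside party (integrator, support account); always time-boxed."""
    principal: str
    contract_id: str
    rights: FrozenSet[str]
    granted_by: str
    granted_at: datetime
    expires_at: datetime

    def active(self, now: datetime) -> bool:
        return self.granted_at <= now < self.expires_at


def grant_external(grants: List[ExternalGrant], principal: str, contract_id: str, rights: Set[str],
                   granted_by: str, now: datetime, duration: Optional[timedelta]) -> ExternalGrant:
    """Record a grant for an outside party; a grant without a finite expiry is refused."""
    if duration is None or duration <= timedelta(0):
        raise ValueError("external access must have a positive, finite duration")
    if duration > MAX_EXTERNAL_GRANT:
        raise ValueError("requested duration exceeds the configured maximum")
    grant = ExternalGrant(principal, contract_id, frozenset(rights), granted_by, now, now + duration)
    grants.append(grant)
    return grant


def check_access(user: str, contract: Contract, right: str,
                 grants: List[ExternalGrant], now: datetime) -> Tuple[bool, str]:
    """Decide whether `user` may exercise `right` on `contract` at time `now`; returns (allowed, reason)."""
    # 1. Information classification: a confidential contract stays hidden even from users whose
    #    group would otherwise give access, unless explicitly allowed or a qualified viewer.
    if contract.confidential and user not in contract.allowed_users and user not in CONFIDENTIAL_VIEWERS:
        return False, "contract is marked confidential"
    # 2. Internal users: rights come from group membership, per contract sheet.
    for group, members in GROUP_MEMBERS.items():
        if user in members and right in GROUP_RIGHTS.get(group, {}).get(contract.sheet, frozenset()):
            return True, f"granted via group '{group}'"
    # 3. Outside parties: only an unexpired, explicit grant for this very contract counts.
    expired: Optional[ExternalGrant] = None
    for grant in grants:
        if grant.principal == user and grant.contract_id == contract.contract_id and right in grant.rights:
            if grant.active(now):
                return True, f"ad hoc grant by {grant.granted_by}, expires {grant.expires_at.isoformat()}"
            expired = grant
    if expired is not None:
        return False, f"grant by {expired.granted_by} expired at {expired.expires_at.isoformat()}"
    return False, "no matching group right or grant"


def demo() -> Dict[str, bool]:
    """Walk through the scenarios from the text with constructed data; returns the outcomes by name."""
    now = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    plain = Contract("C-1", "sales")
    secret = Contract("C-2", "sales", confidential=True, allowed_users=frozenset({"alice"}))
    grants: List[ExternalGrant] = []
    grant_external(grants, "weagree-support", "C-1", {"read"}, "alice", now, timedelta(days=2))
    return {
        "legal_reads_plain": check_access("alice", plain, "read", grants, now)[0],
        "sales_edits_plain": check_access("carol", plain, "edit", grants, now)[0],
        "legal_reads_secret_not_allowed": check_access("bob", secret, "read", grants, now)[0],
        "qualified_viewer_reads_secret": check_access("dora", secret, "read", grants, now)[0],
        "integrator_within_grant": check_access("weagree-support", plain, "read", grants, now + timedelta(days=1))[0],
        "integrator_after_expiry": check_access("weagree-support", plain, "read", grants, now + timedelta(days=3))[0],
        "integrator_beyond_granted_right": check_access("weagree-support", plain, "edit", grants, now + timedelta(days=1))[0],
    }
```

The ordering of the three checks is deliberate: the confidentiality test runs before any group lookup, so a broad group right can never leak a contract that was marked confidential, and external principals never appear in a group at all, so the only path to data for them is a grant that carries its own expiry.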

Other GDPR-compliance aspects

Who is your DPO? Weagree’s integrated legal entity management lets you identify, per legal entity, who is the responsible Data Protection Officer (DPO) for that legal entity.

Strong organisational and security measures: see our high-level description of our IT security measures.