What is a contract?

A contract may be a formal agreement with a supplier, business partner, customer, etc. with whom data is shared or disclosed. Contracts may be the registration of the existence of any agreement signed with a third party such as a Service agreement, Data processor agreement, partnership agreement, System hosting agreement etc.

Where can I manage contracts and third parties?

Under Main menu > Contract management

Name

The name of the the contract is the formal name of the agreement. (e.g. ‘Hosting agreement with Microsoft’.

Contract reference

Add a contract reference which is the reference number of the contract.

Responsible

Assign a responsible or accountable to the contract. The responsible(s) can be one or more people who in some way or another is responsible for the contract management processes. It is possible to add more owners. Alternatively, several owners can be selected, one of which is marked with a star indicating the final accountable. This way, several users can be owners, while only one has overall responsibility.

Groups and categories

Relate the contract to a specific third party that is already on your central list of third parties (legal entities), that your organization shares information with. As an Admin you can click ‘Create new’ to add a new third party to the list.

Add a category to the contract from the existing drop down menu, or create a new category. You can create a new category yourself by typing direct in the field. Going forward, the option can be selected in the drop-down menu. E.g. a category could be ‘Hosting partner’ or ‘Customer’.

Tags

Here it is possible to create tags that allow the contract to be searched using an alternative keyword – e.g. if the business has an alternative name for the contract or if you want to tag the contract as a “third country transfer”.

Feature activation

Here you can activate or deactivate a number of specific features on your contract module.

  • Contract measures: Click yes, if you would like to be able to add contract measures to this module. This means that you can map out a list of measures that this contract should be measured by such as security requirements that are set out in the contract (implementation physical security, access management, encryption or specific controls from ISO standards) – it could also be specific legal requirements from e.g. competition laws that you want to keep track of per contract. Another example could be document specific supplementary measures in order to implement and report on Schrems II. A final example could be to document the amount sizes of each contract, so that contract management is able to filter on small an large amount contracts. The Admin can create any measure needed.
  • Data privacy: Click yes, if you would like to be able to map out data privacy questions such as data processor agreements, locations, legal basis etc.
  • Risk management features: Click yes, if you would like to be able to assess business or privacy risks to the contract.
  • Relations: Click yes, if you want to be able to see lists of all the activities, systems and data that the contract is related to.
  • Validations: Click yes, if you want to be able to validate each contract, to indicate if the current state of the contract should be ‘Accepted’ or ‘Rejected’.
Description
Documents

Upload or link to any documents related to this contract. E.g. the actual agreement. Give the contract a formal name, add a category, e.g. main agreement, DPA, appendix. (you can add a new category by writing something in the field. Remember to indicate if the contract is signed or pending.

Contact person

Add a contact person for the contract, inlcuding, Category (e.g. Internal service requester, Sales rep.) , E-mail-address or phonenumber. (you need the Advanced contract module for this feature)

Create or add contract measures on the sheet, Measures

Contract measures

Fill out relevant information related to privacy, under the Sheet, Privacy

Data processor agreement

Sub Data processors

Add and fill out risk scenarios under the sheet, Risk Management

Risk scenarios

See projects, assessments under the sheet, Assessments

Here you can see a list of impact assessment reports and projects where the contract has been included.

See related activities, systems and data categories on the sheet, relations

Activities on contracts

Business activities where this contract is related/involved according to business responsibles. E.g. a specific hosting agreement is involved in HR process, according to HR personnel.

Systems on contracts

Systems where this contract is related/involved according to business responsibles. E.g. a specific hosting agreement is related to a specific HR system according to HR personnel.

Data categories on contracts

Dat categories that are shared with third parties as a part of a specific agreement. E.g. Contact information and salary data is shared with a system provider as a part of a hosting agreement.

Was this article helpful?

Related Articles

Need Support?

Can't find the answer you're looking for?
Contact Support

Want to hear more?

Let's talk about how our experience and software can help your company.