The EU’s General Data Protection Regulation (GDPR) is set to cost FTSE 100 and Fortune 500 companies in the region of £800 million in contract analysis alone, according to research released today by Axiom, the legal tech firm.

Millions of contracts will need to be reviewed ahead of the May 2018 implementation date, and over 95% of companies still don’t know how many contracts need to be reviewed in order to comply with GDPR.

To compensate for this, Axiom has released a solution that leverages artificial intelligence and data privacy expertise to address this vast readiness gap.

The new GDPR contracts compliance solution uniquely combines deep data privacy expertise with artificial intelligence technology to analyse contracts, and includes an integrated/auditable workflow management system and scalable legal resourcing.

“GDPR has significant new and updated requirements of contracts governing the transfer of data; even current contracts with robust data protection language will be rendered non-compliant. The GDPR contracts compliance solution announced today will drive down the cost of finding, understanding and remediating these contracts at scale,” said Mathew Keshav Lewis, co-head of Axiom’s Global Banking and Regulatory Practice. “Axiom’s solution has been adopted by some of the largest firms in the world to address the impending regulatory deadline.”

As regulatory response experts with considerable experience working with the world’s leading companies on contract remediation, Axiom estimates that global firms still have millions of contracts that need to be identified and remediated by May 2018, at a cost of over £800 million (more than $1.06 billion).

In discussions with more than 100 companies from the Fortune 500 and FTSE 100 about GDPR contracts compliance, Axiom found the vast majority had not yet begun to calculate the scope of their potential contract remediation work. Less than 5% knew how many contracts would need to be addressed in order to comply with the regulation, which intends to strengthen and unify data protection for all citizens of the European Union.

“In tackling GDPR, the focus of most companies to date has been on large-scale technology issues and adapting systems to meet the new requirements,” said Lewis. “With just six months until the deadline, clients need to turn their attention to the millions of contracts between controllers and processors – they need to be found, understood and in many cases, renegotiated. There is a material compliance risk and huge fines for companies that don’t meet the deadline. The sheer volume of work means clients need smarter ways to reduce the cost and complexity of compliance.”

GDPR Watchdog comment: This is an interesting commercial article. There are no easy solution to compliance and continued management of personal data under the law. GDPR is like cleaning up your old garage. First you need to see what you actually have, then if you still need it, and for how long. Risk Analyzes is the biggest question about GDPR. The longer you keep the data subjects information the higher the risk. And you must place a track on each personal data to able to inform the data subject on how it was used and if deleted. Yes AI can be used, but first the company most establish NEW PROCESSES with a system to differentiate between corporate generic data and personal data which needs protection under GDPR. It’s a completely different and new way of thinking about data! 

This article is sponsored by:

GDPR certified

Show your customers that you care about their privacy! European Center for GDPR Certification is the “Consumer Trust Body” of the General Data Protection Regulation. Visit to read about how to add “GDPR TRUST SEAL”™ to your website in order to gain more business and distance you from the not so serious businesses – It Pays Off!