Make Your Contracts Compliant With Applicable Law!

IT is at the heart of every business and when looking for software, hosted or cloud services (SaaS, IaaS and PaaS), having the right product as well as the right contract is now paramount. With the onset of more stringent data protection legislation and new technologies such as cloud, there are a lot of things to think about. Customers are also placing demands on their suppliers and if they are an intermediary or host their services, then customers may want more than a contract can provide.

Typically contracts now come with a Master Schedule, a Data Protection Addendum, Appendixes including Security and service levels. All of these need to be read, understood and where possible, terms discussed and negotiated. Excis are experts in IT Contracts and we have a team of qualified Lawyers, Data Protection and Security Consultants who are well versed in helping our customers get the right services and associated contracts, assisting them in recognising what is important and then acting on their behalf to ensure they get the right deal.

The Benefits Realised

  • Ensure that your contacts, software and contracted cloud services are GDPR, privacy and applicable-law compliant;
  • Have a stronger contract negotiation / bargaining position by understanding the implications and outcomes of a contract;
  • Create a third-party supplier surveillance program and be able to provide supporting evidence of cloud contract compliance to your customers;
  • Be able to minimise and mitigate risks to your data, services or that of your customers from your cloud suppliers and their respective supply chain;
  • Understand your contracts and be able to insure against any problems or issues that may occur;
  • Reduce the high costs of retaining internal skills and resources and pay only for services that you consume;
  • Provide insights for your overall information security and privacy posture;
  • Improve your reliability and availability of systems and data by understanding how your contracts operate;
  • Meet your legal obligations under Article 28 of the GDPR, with all necessary contract terms, requirements and due diligence in place and be evidentially compliant;
  • Offer your customers terms that match your contracts or that offset any risks, reducing your exposure and giving your customers confidence in your offering.

How Excis can Help

The balance of power with regards to many contracts is in the hands of the suppliers rather than the consumers. Many contracts appear to impose onerous terms or liabilities on the consumer of a service or product and as a result can leave any company who wishes to procure on the back foot. This is especially so in the world of software and of cloud or IT services. New data protection regulations are trying to address this imbalance.

If you are unaware of where and how they do this, your customers may be asking you for commitments that you cannot meet as your suppliers who may host or provide key services could have terms that are different from your offering or more often, terms that place legal liabilities back on you as a customer . These liabilities could be down to where data is hosted, export, indemnities, availability, access or the service itself. The challenge with contracts also extends into how risks are managed as they are difficult to measure. Cloud contracts are examples where the service you are procuring can only be measured by the contract. Audit rights are generally paper based, and risks associated with the service are shared between you and your supplier. This is less than ideal as many companies focus on their products and on sales rather than the services of their suppliers. The lack of audit rights also compounds this as your suppliers control the information you can access.

Excis are contract experts and have many years of expertise working with contracts. This includes writing, reviewing and negotiating them. We have a team of international lawyers, data protection and security professionals who have assisted many of our customers in getting the right products, deals and in being compliant with applicable laws. We have advanced expertise in cloud contracts, and we are currently one of the only organisations in the EU who are specialists in cloud privacy and have certified audit leads who can audit cloud security, privacy and legal terms. This means that we are able to assess against the GDPR and other legislation and can quickly identify gaps so your risks can be managed and mitigated.

Excis offer several approaches to our customers for contract review services. The ideal time to get Excis involved is before you contract with a supplier or customer before a contract is agreed or discussed. We can advise you of the benefits or disadvantages of a given contract, clause, schedule or gap and we can then assist you in getting what you need to attain the best solution to your needs.

Another option is for Excis to review your product, service or contracts to determine any inherent risks against current or emerging legislation. This way we can advise you on the best ways to offset any risks within the supply chain.

The third option is for Excis to help set up a surveillance program for your contracts and to either manage or train your team to deal with contract review, risks, terms and conditions and any subsequent changes.

When you engage with Excis we will explain our processes as we are specific to your needs and we aim to be efficient and to bring you the maximum benefits as soon as possible. Typically, we can determine your needs and guide you through your journey after the initial assessment. We will identify key issues, provide expert advice and recommendations to address any issues that you may face and can then move forward on agreement.


Please email: or call +44 (0) 1622 926 312 for more information.