To successfully implement and execute your digital transformation project, there are a number of legal challenges that you will need to address along your journey, including: legacy IT systems, contracting, data processing, cybersecurity, IP and regulation. Addressing these legal issues early on in the project can help avoid costly delays and prevent disruption of service to your customers.

Legacy IT systems

By definition, many digital transformation projects are designed to modernize legacy IT systems to better address the future needs of the company and its customers. This usually means procuring new hardware and software, which often consumes a significant part of the project budget. Usually digital transformation consists of combining the licensing of off-the-shelf software products with the development of bespoke software components.

Before embarking on a digital transformation project, it is important to review your existing license and maintenance contracts. Can the existing contracts be terminated and if so, what are the costs? Can you upgrade the existing license so that you may not need an entirely new product? Are there any exit-assistance arrangements in the contract?

It is also important to bear in mind that digital transformation products are often interconnected with other software and/or databases. Before embarking on your project, consider establishing an integration team to oversee the procurement, rollout, integration and of course the legal considerations at every stage of your planned transformation project.

Contracting with partners

If a digital transformation project is unsuccessful, the costly software you purchased is often of little or no use. Frequently, the various components of the project are split among multiple suppliers. This can give rise to a number of questions: Where does the company stand if one of these contracts (e.g. the development contract) fails, but the separately licensed standard software works properly? Are we obliged to continue using obsolete software? Are we allowed to continue using a particular piece of standard software if the development contract for the custom add-on is terminated? How can we ensure all vendors work together to achieve the desired result? It is crucial to define at the outset what the impact will be on each contract if another contract is terminated.

There is often a high level of interconnectivity between software and database products, so it is crucial to ensure not only the interoperability of the technical components, but also the coordination and harmonization of the contractual framework. This means making clear contractual service level agreements, including the split of responsibility and liability without leaving gaps between those contracts. An overarching “digital integration” team, including a legal department representative, can be useful in overseeing and coordinating the various procurement activities within the project.

However, procuring standard software is not usually what causes the most headaches in legal departments. Rather, contracting for the development of bespoke software components usually carries the largest risk of failure.

Agile software development agreements are often set-up as service contracts and do not clearly stipulate the developer’s obligations, such as the deliverables, timeframes, penalties, cooperation responsibilities and transfer of intellectual property rights. While this is understandable from the perspective of the agile development method, this approach can lead to significant delays or project failures with no enforceable options for the company. Therefore, development agreements should always be drafted with care and with a view to the specific situation and deliverables of the project, but without undoing the benefits from an agile development process.

Handling of data

A key component of many digital projects is the aggregation and combination of data. However, complex and divergent data protection regulations and data ownership issues may limit the company’s right to perform these key functions. To successfully address the data processing challenge, you need a three-pronged approach:

  • A clear understanding of relevant privacy and data protection frameworks;
  • An analysis of data streams and the legal framework;
  • The creation and subsequent implementation of legal, organizational and technical solutions (e.g. anonymization or pseudonymization).

With more and more jurisdictions implementing (or considering to implement) GDPR-like legislation (including key market as the US, Brazil, Australia and India), taking a holistic approach to your data privacy framework is essential. In this article we look at the impact of GDPR in more detail, including the considerations for both EU and non-EU based businesses.

Cybersecurity

In today’s economy, employees need instant access to data from different locations from multiple devices. Cloud-based solutions are increasingly used as a cost effective, safe and flexible form of data storage. In this article we take a closer look at data centers and cloud solutions, including the continued growth of the data center sector in Europe.

However, putting data online means a greater exposure to the risks of cyberattacks. These risks are significant and include potential damage to reputation, business interruption, litigation, loss of intellectual property and confidential information, as well as regulatory sanctions. Perhaps most importantly, since cyberattacks often target sensitive customer data, a security breach can damage – sometimes irreparably – customers’ trust in your business.

To mitigate these cybersecurity risks, you need a proactive and integrated approach to prevent, prepare for, and respond to cyberattacks. This requires close collaboration across various disciplines within the company to understand, detect and respond to these advanced and evolving threats. In short, preparing for cyber incidents and how to respond to them will be a critical aspect of your digital transformation project. 

Intellectual property

Intellectual property (IP) is a key aspect of any digital transformation project.  IP protection allows creators to benefit from their own work and owners to benefit from their investment in a creation. However, while IP law helps protect and promote originality, creativity and innovation, advancements in technology can facilitate the infringement of IP rights.

To begin with, you need to ensure that your company has the appropriate rights to use the software for the intended purposes. This may include arrangements on scaling licenses up and down.

Then, as part of your digital transformation project, you need to consider how best to protect your company’s intellectual property. Digital technologies make it increasingly easy to share ideas and content, but it is not always clear where the intellectual property rights lie.

Intellectual property protection frameworks differ by jurisdiction and regulations are not always suitable for the digital world. This can lead to challenges for intellectual property rights management, in particular where technology or ideas are created in an open source environment or with input from various parties, and are commercialized at a later stage. 

Regulatory framework

In highly regulated areas such as banking, insurance, health care and public services, you need to closely monitor the applicable regulatory framework. This can be a challenge, as applicable rules change rapidly and are often scattered among different sources of law, both at a national and supranational level.

As new technologies emerge, regulatory frameworks evolve to address the new legal challenges they bring. Such regulations often seek to protect customers, who use those technologies, from potential threats. For example, the emergence of driverless cars poses a number of questions that lawmakers and regulators will have to answer. Who takes responsibility in case of a crash? Who is liable? The driver? The car manufacturer? The software developer? As the legal framework evolves and new rules are created, you will need to continue to adapt your company’s policies to stay current and compliant.

If your digital transformation strategy involves launching a new digital platform or technology, you should do a full risk assessment early on to identify and mitigate any potential threats or dangers that using the technology can bring to your customers. Such prudence will not only help you build and maintain trust with your customer base, it can also help you minimize additional regulatory burden once the product is launched. Consider using Legal Tech solutions to help you during your journey.

In summary

Taking the time to consider and plan for these legal challenges early on in the project can help you avoid potential pitfalls and costly delays. To do this, it is important to assemble a digital integration team – comprising key individuals from across core disciplines, including legal, compliance, IT, risk management and procurement – to ensure your company is on the best possible footing before embarking on your digital transformation project.

Subscribe and stay updated
Receive our latest articles by email.
Stay in Touch
Marc Elshof

About Marc Elshof

Marc Elshof is a partner in Dentons' Amsterdam office and Co-Head of Europe Data Privacy & Security. He has specialised experience in complex IT and data protection matters. Marc advises our global clients on their national and cross-border data protection issues and worldwide data protection strategies, as well as on cybersecurity issues. He further assists our clients on their IT matters, including complex IT contracting, software licensing, SaaS agreements, and outsourcing projects.

Full bio

Related Articles