Ready. Set. Comply! Preparing for the GDPR’s Broad Reach

  • March 8, 2018

    In May of this year, the EU’s General Data Protection Plan (GDPR) will take effect and its reach will be broad, extending to corporate legal counsel and e-discovery teams during litigation and investigation. There will be new expectations, limitations and noncompliance can mean heavy-duty penalties for companies.

    But no need to panic, just prepare. An in-depth Law.com article by Ryan Costello, “The GDPR: Teeth, and Considerations for Corporate Legal Counsel,” succinctly lists how.

    • Get organized, create a sound plan and incorporate technology tools and knowhow from vendors. This will ensure a more streamlined process, comprehensive data collection, the strengthening of cross-border transfer processes and the gaining of key insights through early case assessment and information governance efforts.
    • Perform vigorous data mapping exercises to determine the location of data, servers and jurisdictions.
    • Identify and categorize personally identifiable information (PII) that could be a part of data collection.
    • Keep data subjects informed in order obtain explicit consent and permissions before data has to be transferred or processed.
    • Consider the privacy impact assessment (PIA), which delivers a record of data deletions and transfers, for certain processing situations. This will show compliance as well as a defensible deletion process.
    • Finally, opt for e-discovery targeting tools, software, applications and technology to expertly and specifically target data.

    “[M]inimizing the data for collection in advance can minimize the regulatory burden, while also overlapping with certain e-discovery requirements toward proportionality and balanced discovery processes.”

    In addition to being compliant and avoiding penalties, Costello concludes that preparing for the GDPR can also help legal counsel and e-discovery teams streamline, enhance and improve the existing approaches to international discovery.