In May of 2018, the EU’s General Data Protection Plan (GDPR) will take effect and its reach will be broad, extending to corporate legal counsel and e-discovery teams during litigation and investigation. There will be new expectations, limitations and noncompliance can mean heavy-duty penalties for companies.
But no need to panic, just prepare. An in-depth Law.com article by Ryan Costello, “The GDPR: Teeth, and Considerations for Corporate Legal Counsel,” succinctly lists how.
- Get organized, create a sound plan and incorporate technology tools and knowhow from vendors. This will ensure a more streamlined process, comprehensive data collection, the strengthening of cross-border transfer processes and the gaining of key insights through early case assessment and information governance efforts.
- Perform vigorous data mapping exercises to determine the location of data, servers and jurisdictions.
- Identify and categorize personally identifiable information (PII) that could be a part of data collection.
- Keep data subjects informed in order obtain explicit consent and permissions before data has to be transferred or processed.
- Consider the privacy impact assessment (PIA), which delivers a record of data deletions and transfers, for certain processing situations. This will show compliance as well as a defensible deletion process.
- Finally, opt for e-discovery targeting tools, software, applications and technology to expertly and specifically target data.
“[M]inimizing the data for collection in advance can minimize the regulatory burden, while also overlapping with certain e-discovery requirements toward proportionality and balanced discovery processes.”
In addition to being compliant and avoiding penalties, Costello concludes that preparing for the GDPR can also help legal counsel and e-discovery teams streamline, enhance and improve the existing approaches to international discovery.