Ready. Set. Comply! Preparing for the GDPR’s Broad Reach

In May of 2018, the EU’s General Data Protection Plan (GDPR) will take effect and its reach will be broad, extending to corporate legal counsel and e-discovery teams during litigation and investigation. There will be new expectations, limitations and noncompliance can mean heavy-duty penalties for companies.

But no need to panic, just prepare. An in-depth Law.com article by Ryan Costello, “The GDPR: Teeth, and Considerations for Corporate Legal Counsel,” succinctly lists how.

• Get organized, create a sound plan and incorporate technology tools and knowhow from vendors. This will ensure a more streamlined process, comprehensive data collection, the strengthening of cross-border transfer processes and the gaining of key insights through early case assessment and information governance efforts.
• Perform vigorous data mapping exercises to determine the location of data, servers and jurisdictions.
• Identify and categorize personally identifiable information (PII) that could be a part of data collection.
• Keep data subjects informed in order obtain explicit consent and permissions before data has to be transferred or processed.
• Consider the privacy impact assessment (PIA), which delivers a record of data deletions and transfers, for certain processing situations. This will show compliance as well as a defensible deletion process.
• Finally, opt for e-discovery targeting tools, software, applications and technology to expertly and specifically target data.

“[M]inimizing the data for collection in advance can minimize the regulatory burden, while also overlapping with certain e-discovery requirements toward proportionality and balanced discovery processes.”

In addition to being compliant and avoiding penalties, Costello concludes that preparing for the GDPR can also help legal counsel and e-discovery teams streamline, enhance and improve the existing approaches to international discovery.