The General Data Protection Regulation (GDPR) is more benefit than burden. At least that was the argument put forward by the panelists of Relativity Fest’s International eDiscovery session. While they focused primarily on regulatory compliance, several of their points apply to eDiscovery as well.
This is the glass half full view of the GDPR and eDiscovery:
Confusion gives way to uniformity and predictability
Creating a uniform legal standard for data privacy in the EU is a primary purpose of the GDPR. It replaces a patchwork of sometimes conflicting laws and regulations administered by various national agencies. The panel argued persuasively that the benefits of operating under a single regulation with centralized, predictable enforcement outweighs the heightened compliance burden. The argument is equally applicable to collection and transfer of documents and ESI from the EU for discovery.
Cybersecurity investments pay dividends
The regulation takes a hard line on data security. Particularly notable are the 72 hour breach notice obligation and stiff fines. Stronger cybersecurity in business and legal is better for everyone except the hackers. More specifically, cybersecurity was already top of mind for eDiscovery professionals and has been for some time. The law firms and service providers who have made significant investments in infrastructure and training are best prepared for the GDPR. This gives them a competitive advantage in cases involving EU discovery.
Technological innovators have the advantage
Regulatory compliance – both in general and specifically for eDiscovery – requires technological solutions. The GDPR immediately created a large market for the design, sale and support of new products. The panelists further recommended repurposing and expanding existing eDiscovery tools, such as redaction solutions for PHI. Also needed are improved workflows to track and manage data originating in the EU. Service providers and software developers in particular are poised to benefit from the opportunity for innovation presented by the GDPR’s burdens.
Information governance is good for eDiscovery
Finally, the GDPR is a huge impetus to information governance. It governs the use, handling and storage of personal data of EU residents. The first step in compliance is to identify and map covered data. Evaluating the business value of collecting and keeping that data is essential to risk management. These issues and more fall under the umbrella of information governance. And as all eDiscovery practitioners know, strong infogov leads to more efficient and cost-effective eDiscovery.
The GDPR is voluminous, onerous and at points unclear. It also caught many US companies unprepared. It’s no surprise that the commentary so far has mostly focused on the regulation’s broad scope, compliance burdens, potential fines and other negatives.
The panel offered a thought-provoking counterpoint by focusing on the GDPR’s positive aspects instead. For litigators and eDiscovery companies, the most significant benefit may be the opportunity to get ahead of the competition by providing superior GDPR-compliant services.
This article was inspired by the “International eDiscovery and Data Protection” session at Relativity Fest 2018. The panelists were Karyn Harty of McCann Fitzgerald, Karl Hennessee of Airbus, Johnny Lee of Grant Thornton US and Heidi Stenberg of EY. Chris Dale of the eDisclosure Information Project moderated.