The countdown is on as we are just weeks away from the start of one of the most comprehensive, stringent, and consequential data privacy regulations ever to be enacted. Starting May 25, anyone who uses or stores personal data of European Union citizens will have to adhere to the new General Data Protection Regulation (GDPR).
The comprehensive and impactful nature of GDPR is raising serious concerns across every industry, especially in the legal community where personal data is commonly used for legal discovery and litigation.
GDPR was created to secure what its designers see as a fundamental right for people to protect their personal data. Under this premise, anyone can request to be informed about how and when their information is used. And they have the right to have it corrected, erased, or retrieved. Any company that violates these rights will be fined as much as 4% of its annual revenue or $21 million, whichever is higher. For example, a company with revenue of $10 million could face a single fine of $400,000.
In response, organizations are investing millions to get ready. Gartner predicts European companies will spend on average 1.3 million euros while U.S. businesses will shell out at least $1 million for GDPR readiness. Some U.S. companies are even expected to spend to up to $10 million.
When this much money and effort is put into a single regulatory measure, it stands to reason that you should be able to achieve more than just checking off a box to show compliance. IT measures of this immense nature should also drive revenue and efficiency in addition to the cost prevention of avoiding fines and penalties.
Law firms and organizations in related industries that recognize this are beginning to incorporate a range of cognitive search and analytics technologies to look deeply into vast legal matters, documents, and litigations to gain better insights while accelerating GDPR compliance.
Across the U.S. and Europe, firms, lawyers, and staff members are using these capabilities to address challenges that impede proper informational retrieval from multiple sources. By doing so, they’re able to find information stored in various information silos, including content-rich knowledge bases, document management systems, and large e-mail repositories.
Modern data analytics technologies are bringing transparency into an organization’s landscape by analyzing data through a meaning-based approach combined with machine learning to identify what constitutes customer data and where it sits across disparate sources and applications. It helps proactively expose potential regulation violations while offering an alternative to costly and time-consuming efforts to physically consolidate and centralize data.
One of the most significant challenges of GDPR is identifying data in all forms, including unstructured data—e-mail, video, instant messaging, and other forms that account for 90% of all digital data and is very prevalent in the legal system.
Legal professionals must be able to navigate and leverage endless volumes of unstructured data to meet GDPR compliance and make information-driven decisions to improve how they serve clients and the public. Here are five ways law firms can prepare for GDPR:
- Implement an analytics strategy that connects and analyzes data from multiple sources and quickly consolidates various disparate data points for a complete and comprehensive view. This enables you to retrieve data faster from a single source to speed discovery and prove compliance at the same time.
- Incorporate natural language processing (NLP) to extract personal data based on languages, sentences or phrases, key terms, phone numbers, addresses, and IP addresses. If, for example, someone wanted their name removed from a document or report, NLP would help extract and mask that information.
- Embrace machine learning with algorithms that help refine confidentiality levels and identify patterns to speed discovery efforts in unstructured data. This can also help determine access rights to keep certain individuals or groups from seeing personal data.
- Ensure accuracy in identifying specific personal data to control how data is transported and seen for an additional layer of security.
- Accelerate the speed and accuracy of identifying data to improve the overall performance of your storage systems, reducing CPU demands and potential bottlenecks.
While some law firms are already using a combination of search and data analytics technologies to improve the way they retain and search for data, they’re also leveraging these capabilities to improve business processes such as building applications that intelligently combine information into solutions that support everything from contextual search to pricing, matter management, and team resourcing.
These applications help lawyers and staff members work more productively by making it easier to find information and create an extra layer of data protection by exposing sensitive material that might be stored improperly. And they can accelerate GDPR compliance by allowing stakeholders to search all documents where a specific client is mentioned, including electronic mailboxes.
Like many new regulations for greater data privacy, GDPR opens the door to innovation. The fear of massive fines can motivate a broad swath of industries to embrace new technologies and practices that could also expand their bottom lines.