On May 25, 2018, the European Union enacted one of the most stringent data privacy regulations the world has ever seen—GDPR. This new regulation is impacting thousands of law firms around the world, not only EU-based organizations but any firm that collects or processes personal data on EU residents.
Now that this is in effect, the fines for non-compliance could be as high as four percent of annual revenue or $21 million, whichever is higher. To put this in perspective, a fine of that magnitude could put some small law firms out of business, and for a firm with revenue of $10 billion, the fine could be a staggering $400 million.
Practicing law effectively depends on access to the synthesis of growing volumes of legal documents and other supplementary information spread across growing numbers of repositories. Lawyers spend inordinate amounts of time simply searching for the content and topics they need for their work.
It is impractical to sift through large datasets manually to find personal data and judge its GDPR compliance. Law firms need sophisticated technology to deal with their data effectively, enabling them to search, discover, and review. Here are a few tips for using modern technology solutions to comply with GDPR.
Leverage Insight Engines
One of the biggest challenges facing law practitioners in recent years is the retrieval of information from many different sources. Across a firm, lawyers and staff members are forced to locate information stored in various information silos, including SharePoint knowledge bases, document management systems, and large Outlook mailboxes.
One remedy could be Insight Engines that help lawyers and staff members avoid losing valuable time searching for information in different content and knowledge sources, thanks to their advanced capabilities and ease of use. The power and thoroughness of Insight Engines enable firms to practice proper document management, which results in enhanced internal protection of sensitive client information.
The technology accelerates compliance with GDPR because it allows stakeholders to surface all documents where a specific client is mentioned, including electronic mailboxes. Insight Engines can analyze enterprise information and take a rules-based as well as a machine learning-based approach to identify what constitutes customer data and where it exists across disparate applications and content repositories. Such automated analysis effectively exposes compliance violations to prevent potentially expensive non-compliance penalties.
Think Beyond Checking the Boxes
To achieve GDPR compliance, law firms should not simply focus on checking off the boxes of the regulatory requirements but rather treating the challenge as an opportunity to improve overarching information management infrastructure.
To date, organizational silos have proven to be among the biggest challenges to driving informational value and achieving the vision of cohesive information management infrastructure for law firms. With silos remaining disconnected, there can be no granular or consistent control of data; different silos entail different search capabilities and different policy engines, resulting in inconsistent, decentralized control. The technology exists to help span digital silos, so information can be searched, discovered and correlated across multiple—and increasingly diverse—repositories and applications. This technology can connect directly to all of a firm’s native content repositories, allowing information to be surfaced quickly by users in a unified way, a critical part of the solution.
There should be a focus on breaking data out of silos and making it centrally searchable and accessible, while still respecting the access rights managed within the native repositories.
Balance Data Privacy and Analytics
Law firms must balance data privacy and analytics. Data is the new currency. But GDPR compliance should not be at odds with the firm’s strategic efforts to leverage information. In reality, the bedrock requirement of compliance—granular control of data, itself contingent on the ability to consistently locate data—is a value driver in all organizational initiatives that use and apply information. The ability to quickly and consistently locate content within the distributed IT system is an important precursor to the control of data.
The law firm environment is only becoming more diverse and distributed, with data scattered across various cloud and on-premises repositories and applications. With the ability to find all data and content associated with a particular customer or individual, firms can much more easily comply with critical data subject rights under GDPR, such as the right to erasure, the right to rectification and the right to access data.