Since the end of May 2018, the GDPR regulates all activities involving the personal data of EU citizens. Under this regulation, companies around the world are only allowed to process and store data of European citizens if they can prove compliance with the strict rules of this regulation.
It does not matter if you are a European company or not; the new GDPR will bring substantial changes and compliance challenges for every organization that collects, processes, stores, and transfers personal data, anywhere in the world.
To be compliant with GDPR, an organization needs to be able to identify exactly where data is. It does not matter whether that data is in its own data centers, in the cloud or with a third party: the data controller – including law firms, LPO’s, and governmental agencies- will be held responsible for data at all times.
With the GDPR, the European Commission intends to strengthen and unify data protection for individuals within the European Union (EU) and to synchronize the present data protection laws of the EU member states. It also addresses the export of personal data outside the EU.
By the end of May 2018, companies need to have implemented appropriate technical and organizational measures and stand ready to demonstrate compliance. They are further obligated to review and update measures on an ongoing basis as necessary.
Litigation and the threat of litigation has until now, been the primary reason for eDiscovery. The implementation of the GDPR add a very important driver. Under the GDPR, any European data subject can execute their “right to be forgotten”. This means that any data subject can request that all data a company holds on him or her will remove. Companies need to be able to demonstrate that they can do that. And before any data can be shared with a third party, like an overseas regulatory agency or potential buyer in an M&A project, all personal information has to be anonymized or pseudonymized.
This makes the notion that you only need eDiscovery in case of litigation, obsolete. All companies in the EU and all US companies doing business with the EU need to have a combination of data classification and eDiscovery in place by May of next year.
eDiscovery technology is an essential tool to obtain GDPR compliance. Advanced text-mining technology can be used to provide a full list of (pre-defined) Personally Identifiable Information (PII) and auto-redaction will ensure that PII is anonymized or pseudonymized before information is transferred to a regulatory agency outside of the EU or disclosed in a virtual data room.
In the practical webinar “eDiscovery under the GDPR”, ZyLAB will use actual customer cases to illustrate how utilizing the right eDiscovery solution can solve these problems SMARTER, BETTER and FASTER.
Join us and find out how ZyLAB supports companies in ensuring compliance with these ever-stricter data protection and privacy regulations.