By Daniel Schuuring, Director of Product Marketing
During the last week of January, I traveled to New York for the Legal Week conference, previously known as LegalTech. This show focuses on the legal industry and as the organizing committee promises, is “the largest and most important legal conference and trade show that you cannot afford to miss!” It has been a few years since I visited the show, so I was very curious about changes and trends and was looking forward to catching up.
After setting up the booth one day before the show, we went back to the hotel. Together with my Dutch colleagues, I stepped into the elevator where a lady welcomed us by asking if there was a “Tall Guys Convention”. I don’t consider myself as being that tall, but probably in a small elevator three Dutch guys can be overwhelming “Tall Guys” to American standards, especially since the lady asking the question, was kind of small herself (for Dutch standards).
So, as a “Tall Dutch Guy” I went looking for more “cultural” differences between EU (Dutch) and US (eDiscovery). Talking to our US clients and the visitors of Legal Week, I discovered there are not that many. That said, there is one particular topic that is on top of the lists of legaltech teams on both continents; the new EU General Data Protection Regulation (GDPR).
By the end of May 2018, the GDPR will regulate all activities involving the personal data of EU citizens. Under this regulation, companies around the world are only allowed to process and store data of European citizens if they can prove compliance with the strict rules of this regulation.
It does not matter if you are a European company or not; the new GDPR will bring substantial changes and compliance challenges for every organization that collects, processes, stores, and transfers personal data, anywhere in the world.
To be compliant with GDPR, an organization needs to be able to identify exactly where data is. It does not matter whether that data is in its own data centers, in the cloud or with a third party: the data controller – including law firms, LPO’s, and governmental agencies- will be held responsible for data at all times.
With the GDPR, the European Commission intends to strengthen and unify data protection for individuals within the European Union (EU) and to synchronize the present data protection laws of the EU member states. It also addresses the export of personal data outside the EU.
By the end of May 2018, companies need to have implemented appropriate technical and organizational measures and stand ready to demonstrate compliance. They are further obligated to review and update measures on an ongoing basis as necessary.
Litigation and the threat of litigation has until now, been the primary reason for eDiscovery. The implementation of the GDPR add a very important driver. Under the GDPR, any European data subject can execute their “right to be forgotten”. This means that any data subject can request that all data a company holds on him or her will remove. Companies need to be able to demonstrate that they can do that. And before any data can be shared with a third party, like an overseas regulatory agency or potential buyer in an M&A project, all personal information has to be anonymized or pseudonymized.
This makes the notion that you only need eDiscovery in case of litigation, obsolete. All companies in the EU and all US companies doing business with the EU need to have a combination of data classification and eDiscovery in place by May of next year.
Watch this 30-min video demo to see what you can do to prepare for eDiscovery under the GDPR.
I heard a lot of complaints from people that data collection tends to start on Fridays, preferable late afternoon. This is definitely not different in the EU. After a hectic week, for many cases the list of custodians is finalized on Friday and send to those responsible for collection. Of course, data is then expected to be ready for review on Monday morning. So therefore it’s very important to be able to collect directly from the source to speed up collection and start processing at the same time to make sure the data is ready. Alternatively, with ZyLAB’s browser based upload functionality it’s easy to upload large files and start processing instantly.
To finalize, at Legalweek, it’s great to meet again in person with our US colleagues, friends from the industry and to catch up with my favorite people from ACEDS (Association of Certified E-Discovery specialists). We just launched the ACEDS Benelux Chapter so it was great to talk to Mary Mack and Kaylee Walstad and to make lots of exiting plans for the future. Stay tuned!