By Legal Futures’ Associate exterro [1]
When the EU implemented the GDPR in May 2018 to enhance the data protection for individuals, it caused a seismic shift in operations across the organisation, from Legal, to IT to Marketing. With the introduction of the CCPA [2] and other emerging data protection laws around the world, organisations must now, more than ever, get their houses in order to be able to effectively and defensibly respond to the challenges these regulations create.
It seems like old news, GDPR. But the changes and mandated compliance it introduced are still causing major ripples for those adapting to new business processes and laws. Data breach reports [3] are now common throughout our social media feeds. Companies consistently fall victim to reputational and financial exposure resulting from a lack of knowledge, expertise or technology around their data management activities.
The world of data privacy is changing [4], yet many of the solutions remain the same. Laws in different countries, regions and relating practices will play a role in affecting data privacy or e-disclosure activities. You can’t just delete data as a result of a DSAR, if it’s under a legal hold, right?
Businesses need more technical solutions to support them. It’s too much of a burden to handle manually. In the last year, in particular, legal counsel is finding that business efforts to comply with the GDPR have picked up.
Organisations need to think about using everything at their disposal to future proof practices and create an ability to respond very quickly, accurately and defensibly to the changing regulatory landscape. The importance of technology [4] in a changing landscape cannot be understated.
Data lives across all areas of every department. Often, it lives in places that employees in your organisation might not even be aware of, thanks to an undocumented “tribal” knowledge owned by long-tenured employees. According to Exterro’s 2019 In-House Legal Benchmarking Report [5], if there is an inventory of the data, it’s likely on a spreadsheet rather than a software platform. This may be the norm for now, but it will be extraordinarily difficult for organisations and businesses to maintain compliance going forward if that remains the status quo.
The primary benefit of building and maintaining a lean, accurate, and hygienic Data Inventory [6] is that it’s the most efficient way to manage data from both a business and compliance perspective, now and into the future. It’s also the only way to really ensure compliance across regulations like the GDPR and the CCPA, since it’s a shared requirement to turn over any and all information that you have on an individual, should they request it.
The regulatory landscape in 2020 could soon see shifts on the horizon that are as disruptive as the GDPR, or perhaps more stringent. Technology solutions exist that can answer the problems created by these regulations, but organisations must take action to get their data houses in order and make data maintenance a priority. Ensuring compliance isn’t easy, but organisations can leverage technology [6] to make it more manageable and, in some cases, far more cost-effective.
When it comes to technology, it’s important to focus on the important questions first: What data do you have? And what are you doing with it?