BY RICCI DIPSHAN
Photo: jorisvo/Shutterstock.com
The European Union’s General Data
Protection Regulation (GDPR) is still over a year away from
being implemented, but many are warning that the regulation will affect more
organizations more broadly than initially thought.
At Legalweek’s “Finding a New Safe
Harbor: Using Technology and 1LR to Comply With Cross-Border Data Privacy
Rules” and “Update on Effects of Brexit on Privacy and Data Protection
Considerations” sessions, panelists sought to impart a sense of urgency, focusing
not only on the consequences and reach of the regulation, but the unique and
complex challenges it will create for legal professionals.
Here is a look at four
considerations panelists believe legal will need to take into account to
prepare their organizations and teams for the upcoming GDPR reckoning:
1. GDPR Isn’t the Only International
Data Regulation—But It’s the Most Far-Reaching
GDPR is one of many worldwide data
regulations international e-discovery practitioners and counsel will come
across. But the regulation is unprecedented in its scope and its financial
repercussions, making it perhaps the most consequential law that legal
professionals will face.
While there are many data
regulations coming into effect, “they all lack this fundamental set of teeth
that the GDPR has,” said Richard Hogg, global InfoGov solutions leader at IBM.
He pointed specifically to the
GDPR’s “significant financial penalties” of up to 4 percent of a business’
worldwide revenue, which is levied on any organization failing to adhere to the
regulations standards, regardless of “the potential risk to the organization in
the market [or] their reputation.”
Many will be at risk of these
penalties. The GDPR standards apply to EU citizen data that any company or
party, located anywhere in the world, is processing, and how the regulation
defines processing is far broader than most realize.
“Processing pretty much means
everything,” said Jeff Nass, senior counsel of e-discovery at Boehringer
Ingelheim, explaining that almost all data handling or storage processes will
fall under this definition.
No comments:
Post a Comment