In case you haven’t heard, it is now the “Big Data Era,” where global email traffic creates 183 billion new messages every day, and corporate data is expected to grow 30% every year. And examining how companies manage all that data was a big talking point at LegalTech this year.
Of course, not all data is the same, which means capturing, retaining, reviewing, and producing enterprise data is no simple task. This kind of thing used to be done manually, with reviewers spending hundreds of hours poring over data to find the relevant case information. And while eDiscovery solutions have dramatically improved the process, it can still require a large amount of human oversight. And with the new massive data volumes coming down the pike, advancements in eDiscovery technology like data analytics are incredibly important. Though it may be a relatively new concept that people don’t fully understand and are hesitant to adopt/implement, we have to face the fact that we need analytics to understand our data.
Another hot topic at LegalTech this year was the EU General Data Protection Regulation (GDPR), a data privacy regulation that comes into effect in May 2018. One session called The Data Privacy Landscape: Emerging Laws Affecting Cross-Border Discovery cited a statistic that 56% of information eligible for remediation cannot be deleted because companies don’t know where and/or what that information is. Which means organizations are unnecessarily liable for information they don’t need to retain. And that becomes a problem when GDPR comes into play, as companies are held increasingly liable for the data they have under their roof.
Now the question is what should organizations be aware of with respect to GDPR? There are three important factors that were heavily emphasized in sessions at LegalTech:
- Extended Scope: Even if you don’t have a presence in the EU, it covers controllers and processors. If you’re a resident in the EU or have employees that are EU residents then you’re responsible for complying with GDPR.
- New Hammer: GDPR has a tiered system for financial penalties. In the past, fines were capped at six figures. Now, if there are data breaches, companies will face fines of 10-20 million euros or 2-4% of global annual turnover, whichever is greater.
- Solutions: Solutions must focus on improving information governance as a whole, not just compliance with GDPR. Governance is the only way to accurately locate data, and data cleanup is a high priority. If your company stores data overseas, the US courts will not accept its distance as an excuse for not producing data.