With tons of data passing around each day, its protection becomes an important priority for both organizations and individuals. eDiscovery works and thrives solely on the principle of data collection and processing. The GDPR, which came into effect in May 2018, can have all kinds of implications on eDiscovery. The GDPR applies to all the companies and organizations processing data for all EU citizens.
The GDPR now applies to all companies that process data of the data subjects residing in a member country of the union regardless of where the company is located. In the purview of the GDPR, laws and regulations have been ensured and put in place to protect the rights of the data subjects. The GDPR extends its rules to both data controllers and data processors.
An organized and planned approach will help eDiscovery firms tackle the new laws set forth by the data regulation. All organizations are required to know where they have their data stored. This is not only a way to comply to the regulation but also a way to improve the discovery process.
Keeping data subjects aware of the ongoing eDiscovery process will ensure that consent is obtained before data is transferred or processed. An established system for notifying data subjects, will be important in meeting and maintaining regulatory compliance within the eDiscovery process .
Another major feature of the GDPR that affects the eDiscovery process is the ‘Privacy Impact Assessment’ obligation. Data that is deleted or maybe potentially relevant to an ongoing investigation in the US could result in a request for a company to produce data, but the company’s compliance with the GDPR would create a shield against the access of the data.
Despite the regulatory challenges inherent in the GDPR, the approaches to handling data can sufficiently be handled by most eDiscovery teams, using technology already at their disposal. The new GDPR requirements also can enable an organization to streamline, enhance and improve their existing approaches to eDiscovery.
Companies can start meeting GDPR requirement by auditing eDiscovery data to locate any personal information on EU citizens. With the GDPR in place, companies need to try and update their privacy and litigation policies in order to cater to the requirements of the GDPR. It is necessary that companies keep track of audit trails and ensure proper protection of data. The GDPR allows for varied approaches to handling data, but ensures it is done with legitimacy.