The General Data Protection Regulation (GDPR), which goes into effect May 25, 2018, will impact cloud data storage providers all over the world, but will have an even bigger impact on the legal implications around the transfer of data.
TechRepublic's Dan Patterson met with Relativity's e-Discovery counsel David Horrigan to discuss the GDPR's impact on legal proceedings, and the transfer of data between law firms and legal service providers.
"The idea behind [the GDPR] is to harmonize the law, and make it almost easier to conduct business, as opposed to dealing with various EU member states and having contradictory policies," Horrigan said. The challenge for US law firms is that the regulation is more strenuous than the previous directive they were used to.
The US is not considered to have adequate data privacy and protection standards under EU law, he said. Horrigan suggests for companies to first have good information governance by hiring a data protection officer, and even obtaining an ISO 27001 certification proving the company met adequate data privacy standards. "When you think about information governance, it's something that you want to do anyway, but procedures such as this will help you comply with the GDPR," Horrigan said.
The GDPR is an important part to having good governance, he said. "It gives you a better handle on what data you have and what you need to do about that data. It's good for your business because it builds trust in people knowing that you're handling their personal data in a satisfactory way."
"It really streamlines your operations, gives you that sense of confidence, and knowing that not only are you compliant with law, it makes sense from just a pure business standpoint," he added.