Update from GDPR Team (Feb. 28, 2018)
The new EU Global Data Protection Regulation (GDPR) will take effect on May 25, 2018, and any organization that collects, handles, processes, or transfers data for or relating to EU citizens or businesses, no matter where your business is based, should be taking steps now to become GDPR compliant. Practitioners and their service suppliers who are caught unprepared may face severe penalties, including revenue-based fines reaching up to 4 percent of annual global turnover as well as private claims by individuals (akin to class actions) for failing to protect their personal data in compliance with GDPR.
GDPR is a big deal, and EDRM members are taking it seriously. EDRM formed a project team in August 2017 to examine GDPR and develop guidance for becoming GDPR compliant, particularly with an eye toward the regulation’s impact on cross-border discovery. Initially focused on data transfers from Ireland to the U.S., the guidance is aimed at mitigating some of the risk that international litigation teams and e-discovery practitioners face when balancing U.S. discovery obligations against European data privacy laws.
At this point, the EDRM team has thoroughly analyzed current case law, GDPR provisions, and scholarly interpretation of GDPR terms. Members will publish their first document, which defines critical terminology related to GDPR, in Judicature this spring, after circulating it to the full EDRM membership for comment.
This first document lays the foundation for future work, which may include guidance on data transfer and the creation of a formal code of conduct in line with the European Data Protection Board (EDPB), which provides interpretation of the regulations.
Join the GDPR Effort
The team is already hard at work, but there is still much to do. Additional volunteers are encouraged to join the working group for an opportunity to build your own knowledge and experience while helping shape the way our industry transitions its approach to data protection. Email edrm@duke.law.edu to ask questions or to get involved.
GDPR Drafting Team Members
Elle Pyle (co-lead), Discovery and Data Privacy Counsel, RuyakCherian LLP
Jonathan Swerdloff, Consultant, Data Systems Specialist, Driven Inc.
Laia Bertran Manyé (co-lead), Attorney in Spain and NY (admission pending) and Privacy Fellow, CIPP/US, CIPP/E, Duke Center on Law and Technology (DCLT), Duke University School of Law
Linda G. Sharp, Associate General Counsel, ZL Technologies, Inc.
Reed E. Irvin, Executive Vice President Strategy & Marketing, Viewpointe LLC
Jim Koziol, Director, Technology and Business Transformation Services, BDO
Sid Jiwnani, Solicitor, Director – Europe, Knovos
Sam Holt, Senior International Engineer/Pre Sales, AccessData
Verna Goodloe, Senior Manager, Records Management, Hyundai Capital