GDPR and it's Impact on eDiscovery and Cybersecurity

Nov 15, 2018

In the Spring of 2018, the General Data Protection Regulation that the European Parliament and Council agreed to embrace will replace the old Data Protection Directive. The GDPR will become the new primary law that protects the privacy and personal data of European Union Citizens.


GDPR will also change eDiscovery and cyber security in important ways that your firm needs to be aware of. Some of the major changes to expect include the following:


  • New data transfer requirements: Once GDPR goes into effect, it will be imperative to be able to document where data is housed, both for data that a third party holds as well as for any data that is self-hosted. When data is transferred, data flows will need to comply with strict security standards imposed by EU data privacy authorities.  Clients and eDiscovery partners will need to collaborate early in the process to develop a plan for data transfer, to establish limits on data accessibility, and to review protocols for cross-border transfers that comply with GDPR.


  • New requirements on searches for personal data: GDPR includes a “right to be forgotten,” and those who store data must be able to effectively search for and remove personal information in order to avoid violating this new right. This will impact both the nature and type of personal data that can be stored as well as the way in which data is handled.


  • New protocols for data screening: Under current regulations, the eDiscovery process typically involves providers receiving all potentially relevant data. However, because of stricter requirements related to data transfers and storage of personal data, running onsite searches to determine relevance will be important. When onsite searches are performed, less data will need to be transferred. Limiting the transfers that occur and data that is stored will reduce the risks of substantial fines and penalties resulting from failure to comply with privacy and security standards.  More discipline will be required to facilitate discovery planning that limits transfers to only relevant information.


Celeritas Associates can help your firm to ensure you're ready for GDPR. We specialize in eDiscovery and cyber security and keep up-to-date in regulatory changes that effect how firms handle digital data. To find out more about how our staffing service can help you, give us a call today.