Managing the Risks of Data Production in the Wake of the GDPR
In the United States, preserving potentially relevant information for litigation is the law of the land. With this focus on eDiscovery obligations, courts are typically less than forgiving when parties and their counsel withhold documents on the basis of data protection. Relying on foreign statutes to excuse the failure to produce data has often raised not only eyebrows but also suspicions about the withholding party’s underlying motives.
But the recent, well-publicized implementation of the General Data Protection Regulation (GDPR) gives European data subjects far-reaching control over their personal data—a broad category that encompasses not just a person’s name and birthdate but also demographic background, biometric data, health information, computer IP address and much more. Now, anticipating some pushback from U.S. judges, parties litigating cross-border matters must take steps to remediate the privacy issue before they appear in court.
Given the stakes involved in large, cross-border matters—U.S. discovery sanctions versus GDPR violations that can reach up to 4 percent of a company’s global annual turnover or 20 million Euros, whichever is greater—companies must reconcile the requirements of the changing data privacy landscape with their eDiscovery obligations.
Fortunately, by using technology to reduce the amount of personal data retained and outsourcing to shepherd that data through the eDiscovery process, companies can affordably achieve workable solutions that serve both masters.