3 Ways the GDPR Will Change How Legal Professionals Work

This article was written by Ben Hancock for CorporateCounselThe original article can be found at: https://www.law.com/corpcounsel/2018/05/02/3-ways-the-gdpr-will-change-how-legal-professionals-work/?kw=3%20Ways%20the%20GDPR%20Will%20Change%20How%20Legal%20Professionals%20Work&et=editorial&bu=Corporate%20Counsel&cn=20180502&src=EMC-Email&pt=AfternoonUpdate

It’s no secret that the EU’s General Data Protection Regulation (GDPR) is overhauling how companies must deal with personal data. But the massive law, which takes effect May 25, is also creating big changes for the way lawyers and other legal professionals work.

In separate interviews, three experts on the GDPR share their insights about how their practice has evolved since the law was approved two years ago, and what they see down the road. This article contains excerpts from the latest episode of Law.com’s “Legal Speak” podcast. You can listen to the full episode on Apple Podcasts, Google Play or Libsyn.

1. Privacy lawyers are becoming more like “business advisers.”

Kolvin Stone, a London-based privacy lawyer with Orrick, Herrington & Sutcliffe, said his practice has shifted in the past two years from being focused mostly on transactional work in the technology space to being almost 90 percent privacy. He attributes that to the GDPR, and the way in which privacy has become a mainstream issue in news and politics.

But it’s not just the volume of privacy-related work that’s changed, Stone said. It’s also a fundamental shift in approach to the practice of law.

“We’re becoming much more business advisers,” he explained. “We’re really helping clients determine what the legal rules mean for them in practice — what do [they] have to do on a day-to-day operational basis to be able to comply. So that is more consultancy.”

“That I think is quite a difference in terms of how I’ve typically practiced law in the past,” Stone added.

2. E-discovery is going to get even more complicated.

E-discovery is already a massively complicated area of legal practice. There are reams-worth of electronic documents and other types of data that have to be collected and analyzed in order to conduct an investigation or draw out a cohesive narrative in litigation. Debbie Reynolds, the director of EimerStahl Discovery Solutions in Chicago, said the GDPR introduces new layers of complexity due to strengthened European Union rights around personal data.

Instead of just talking with a company’s GC or IT department, e-discovery professionals will have to communicate directly with data subjects about consent.

“If you’re reviewing documents … everything is sort of forward-moving. So if you get in a situation where you have someone who says, ‘OK, and now I want to pull my consent for these documents,’ we have to be able to find those people’s documents and actually pull them out of the process,” said Reynolds.

“We have to be able to track and document the different levels of consent that we have and the different notices that we send out,” she added, explaining that this means that there will have to be new levels of transparency in the process.

http:::pexels.com

3. Attorneys will have to work more directly with software engineers.

With the growing adoption of complex machine learning tools, companies are able to do even more powerful things with data—to make associations and draw insights in ways they might never have been able to do before. But under the GDPR, there are strict rules on processing data only for the purpose for which it was collected, and different provisions apply depending on whether an entity is a data “controller” or a data “processor.”

As a result, privacy lawyers are going to have to have to work more closely with the engineering teams at companies, said Jeewon Serrato, the San Francisco-based head of Shearman & Sterling‘s privacy and data protection group. ”Knowing the legal construct and working with the engineers hands-on I think is really what is needed,” Serrato said. “It’s not enough for the lawyers to just come up with the contract—the engineers need to know how to actually embed these kinds of controls.”

This article was written by Ben Hancock for CorporateCounselThe original article can be found at: https://www.law.com/corpcounsel/2018/05/02/3-ways-the-gdpr-will-change-how-legal-professionals-work/?kw=3%20Ways%20the%20GDPR%20Will%20Change%20How%20Legal%20Professionals%20Work&et=editorial&bu=Corporate%20Counsel&cn=20180502&src=EMC-Email&pt=AfternoonUpdate

Leave a Reply

Your email address will not be published. Required fields are marked *