In the first year since its adoption, the General Data Protection Regulation (GDPR) has caused widespread panic, much of which is due to its slightly impenetrable drafting. A proliferation of misinformation has resulted in many businesses and industries addressing data privacy with a nearly-paralyzing level of caution. This article explores the impact of the GDPR on the e-discovery industry and demystifies some of the less-discussed provisions and exemptions.
When Does the GDPR Apply?
On its surface, the GDPR appears to have a broad reach: It applies to all processing of personal data where the data forms part of a filing system. As such, it may appear that the GDPR applies to all activities typically undertaken in an e-discovery project (“processing”) and to almost every circumstance where information about an individual exists (“personal data”).
However, in reality, the GDPR is focused on protecting individuals and safeguarding data from data processing giants like Facebook and Google, not on restricting the flow of information or legitimate uses of data. This is evidenced by paragraph 15 of the preamble:
“Files or sets of files [...] which are not structured according to specific criteria should not fall within the scope of this Regulation”
This provision is important because it establishes a distinction between normal, everyday usage of data such as an individual’s mailbox and loose files (unstructured data) and carefully structured pools of information such as a customer database of contact details (structured data). …
Excerpted from LegalTech News. To read the full article, click here.
Strandevold co-wrote the article with Benjamin Sexton, JND.