Until recently the new privacy regime introduced by the General Data Protection Regulation (GDPR) was, to an extent, viewed by some outside the EU as a regional data protection anomaly that could affect business-as-usual activities. However, in the wake of impactful international data breaches like Cambridge Analytica, Equifax and TalkTalk, many non-EU citizens now have increased awareness and heightened concerns about the use and security of their personal information. Together with the harsh reality that it is virtually impossible for global corporations to segregate data privacy policies by region, these developments have created a perfect storm for global corporations, many of which have responded with new privacy policies that apply GDPR standards across the board, to all data for all clients or ‘data subjects’ irrespective of their citizenship, residency or the location of their data.
The GDPR has therefore effectively established a new international standard for data protection and this will challenge traditional litigation and investigation practices beyond the EU.
In this discussion, experts in privacy and e-discovery will discuss the impacts of GDPR in terms of the collection, analysis, review, and production of data for litigation and investigations and propose some practical strategies to help corporations, law firms, and government agencies to navigate the landscape.