In-house legal teams 'demanding more' GDPR compliance evidence from outside counsel

News by Tom Reeve

Law firms are increasingly being asked to supply ever-greater amounts of evidence of data management safeguards to their corporate clients for GDPR compliance.

(Pic: TimeStopper/Getty Images)

In-house legal teams are demanding more stringent data compliance documentation from outside counsel as a result of GDPR.

They are also working more closely with IT security on data breach response plans, according to a survey of 35 heads of legal departments in Fortune 500 and 1000 companies conducted by Ari Kaplan Advisors on behalf of OpenText, a provider of tools for law firms to assist with forensic data collection and legal document management.

According to OpenText, legal departments have been driven to obtain data management declarations from outside legal counsel in response to the General Data Protection Regulation (GDPR), brought into effect on 25 May 2018 by the European Union.

"With the GDPR, we are now making sure our law firms sign a data protection agreement [and those] who receive personal data, now undergo a mandatory initial security assessment," according to a source quoted by Legaltech News. "What we do is pretty intrusive and could take up to three months."

The survey looked at a number of technology areas impacting law firms. "AI, cloud and security have emerged as top priorities for law firms and enterprise legal departments as we approach 2020," said Todd Elliott, OpenText vice president for security, artificial intelligence, and legal technology.

According to the survey, 91 percent of respondents said their influence on information security decisions within the organisation was growing, with 49 percent feeling the legal team is ‘much more’ involved in information security than they have been in the past.

"Having a seat at the table is significant as 91 percent of respondents also reported they have data security concerns around distributing electronically stored information to multiple discovery vendors and law firms," OpenText said.

GDPR is driving big changes in how law firms operate, with 80 percent of respondents saying data protection and privacy affects internal processes around discovery and investigations.

Helping to focus minds on the issue is the fact that 49 percent of respondents said the volume of government or regulatory investigations has grown in the past 12 months.

Despite this growth in demand for GDPR documentation, only 31 percent of organisations audit their outside law firms’ IT systems and cyber-security competency, according to Legaltech News. 

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews