- New Team For Weinstein, Who Thinks He’s In a MoviePosted 13 hours ago
- Amazon Will Spend $700M To Retrain Third Of Its WorkforcePosted 2 days ago
- Data Breaches Down, Financial Impact UpPosted 2 days ago
- Cyber “Advanced Persistent Threats” Lurk Before StrikingPosted 3 days ago
- #MeToo Exposed HR’s Greatest Success, Protocols to Defend Against LawsuitsPosted 3 days ago
- AI Masters Poker. Is Cybersecurity Next?Posted 4 days ago
Litigation Holds and the GDPR
Executive Summary of an article written by
Aloke Chakravarty and Zaven Sargsian, Snell & Wilmer
The European Union’s General Data Protection Regulations (GDPR) complicates compliance with litigation holds. United States courts expect corporate litigants to properly preserve records and have issued severe sanctions in cases where they aren’t preserved. In the European Union, civil discovery is more limited, and litigation holds are less common. Although every United States company that possesses information about European Union citizens is not automatically subject to GDPR, a company that is targeting European Union citizens or actively tracking their behavior is likely to fall within its ambit.
The GDPR defines “personal data” more broadly than most United States laws. If the hold relates to any such data, then a company must determine whether it has a lawful basis to preserve. Under the GDPR, preservation is lawful if it is necessary for the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the fundamental rights of the data subject.
Some preventive steps are prudent in order to not run afoul of the GDPR. First, establish a high quality GDPR compliance program. Potential legal issues are likely to be exposed in the process. Filling those gaps will show diligence. Try to obtain a prior consent. It signals the transparency that the GDPR encourages. Tailoring a hold narrowly to only that which is necessary and monitoring judiciously will limit risk. This will require training for personnel in both litigation and compliance functions, and can be aided by automated processes.Read the full article at:
Today's General Counsel