The new GDPR data rules are EU-wide and will have a major impact on companies of all sizes. The new data rules mean that anyone collecting personal data on clients and customers will have to ensure that they have new, internal data protection policies and procedures. This includes more onerous obligations on internal data controllers, as well as much greater fines for those not in compliance.
The enforcement date is 25 May 2018, but most leading data experts are warning companies, including law firms and legal AI companies, that they need to ‘get their houses in order’ before the deadline or risk investigation and fines, as leaving it to the last minute may not be sufficient.
In effect, every single business in the EU that collects personal data will need to be compliant, meaning compliance checks will be needed on potentially tens of thousands of enterprises across the 500 million population bloc. To make matters more complicated, because of Brexit, when the UK finally leaves the EU, businesses in the UK that also operate in the new, smaller EU will have to comply with GDPR and whatever new UK data system is developed. In short, this is going to be a huge area of compliance complexity, and data lawyers are eager to get involved.
And, to make it even more complicated, non-EU businesses processing the data of EU citizens will also have to appoint a representative in the EU. That is, some large American or other non-European-domiciled companies could also be caught by this new data regulation.
RAVN said in a statement that the GDPR system uses AI techniques to automatically identify documents and other types of data in any business system which is subject to GDPR rules.
The system allows users to quickly and easily search, retrieve, flag, classify and report on data considered to be sensitive under GDPR. Users also have the ability to identify personal data from documents, view feeds on the latest personal data that requires attention and provide reports on the data suggested to be deleted or secured.
RAVN’s GDPR system is also able to expedite requests for information (Data Subject Access Requests – “DSAR”) in a simple and efficient way, removing the need for a manual approach to these requests which tends to be very labour intensive.
Peter Wallqvist, CSO at RAVN, said in a statement: ‘GDPR compliance is of universal importance as it will apply to any organisation that controls and processes data concerning EU citizens. Using RAVN’s unique ACE technology, the GDPR [system] has the ability to deal with several aspects of the GDPR obligations in one platform: auditing large volumes of structured and unstructured data, dealing with DSARs very efficiently, and finally to help review contractual obligations that are affected by the new regulations.’
Extract of new GDPR Rules, Via Wikipedia + Official Journal of the European Union
The following sanctions can be imposed:
- a warning in writing in cases of first and non-intentional non-compliance
- regular periodic data protection audits
- a fine up to 10,000,000 EUR or up to 2% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater (Article 83, Paragraph 4)
- a fine up to 20,000,000 EUR or up to 4% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater (Article 83, Paragraph 5 & 6)