A recent report from Forrester Research documents the lightning-fast pace of cloud adoption: the global public cloud market is expected to hit $178 billion in 2018, a steep increase from $146 billion spent last year, and cloud adoption in enterprises is expected to cross the 50 percent mark in the months ahead.
“Cloud computing has become the de facto platform on which enterprises are fueling digital transformations and modernizing IT portfolios,” reported CIO Magazine.
This speed of cloud migration is just as fast within the legal services marketplace in particular. The number of lawyers using cloud platforms crossed the tipping point in 2017, with 52 percent of lawyers now adopting the cloud, according to the ABA Legal Technology Survey. The rise of cloud adoption in the legal industry is particularly significant because it is taking place against the backdrop of a major realignment of international regulations designed to safeguard private data.
The most notable of these new laws is the EU General Data Protection Regulation (GDPR), which is set to officially go into effect on May 25, 2018. The GDPR applies not only to those companies headquartered in the EU, but also any non-EU company that transacts business in Europe. It covers the entire lifecycle of personal data, from its creation to its handling and its storage, and lays out comprehensive information governance regulations that organizations must follow or they will be subject to staggering financial penalties—as much as 5 percent of a company’s global revenues.
So how does the looming implementation of the GDPR impact the rise of cloud adoption in the legal services marketplace, especially when it comes to such sensitive matters as litigation and electronic discovery?
For starters, data stored in the cloud is leaving the organization’s physical premises and being entrusted to a third party for secure hosting elsewhere. That places the responsibility on the organization to make sure that it is partnering with a cloud hosting provider that can provide proof of GDPR compliance by delivering the right level of security, maintain a clear chain of custody for data access and produce detailed logs that document every touch of the data. If an organization isn’t careful about how they monitor the way data is handled and protected, they run the risk of violating the GDPR and incurring serious penalties.
Second, by its very nature of virtual storage and retrieval, data that is migrated to the cloud may prove to be more difficult to extract than it was to deposit. Cloud providers are financially incentivized to keep your data housed on their platform, so not surprisingly they tend to make it onerous and inefficient to extract. This is a critical consideration in the event of litigation and the subsequent demands for preservation orders (“litigation holds”), as well as the potential for e-discovery.
This was one of the topics discussed in a recent live webcast program presented by AccessData and EDRM at Duke Law School. Recognizing the importance of legal professionals having a clearer understanding of the key guidelines shaping cloud-based information governance under the GDPR, the expert panelists addressed challenges and benefits of conducting e-discovery in the cloud. To hear the audio playback of the program, please click here.
Whether your organization has already migrated to the cloud—or is still in the research and analysis stage—it’s important that you partner with the right experts who can ensure that your cloud hosting provider is following GDPR-compliant practices. It’s also essential that you have the right data collection tools in place for when you are required to harvest data back out of the cloud in response to a litigation or investigation. These tools enable organizations to navigate the challenge of conducting e-discovery in the cloud in a forensically sound manner that is compliant with the GDPR.
EDRM at Duke Law School is also working hard to ensure that litigation professionals have clear guidelines in place for navigating GDPR compliance. In fact, they are leading the way in our industry by creating a GDPR Working Group—consisting of in-house counsel, plaintiff’s attorneys, defense attorneys and litigation support professionals—that is developing a practical document to assist legal teams involved in proceedings that require personal data subject to GDPR to be collected and transferred for use as evidence in a matter.
AccessData is proud to be a “Gold Sponsor” of EDRM and our very own Sam Holt is helping to shape the guidelines for GDPR compliance through his volunteer efforts as a member of EDRM’s GDPR Working Group.
“Our group’s goal is to both raise awareness about the importance of GDPR compliance, as well as to provide industry participants with specific guidance about how they can make sure their information governance and e-discovery policies are in accordance with these new regulations,” said Holt. “I’m honored to be a part of this working group and look forward to collaborating with so many talented professionals as we work together to advance industry best practices.”
We will publish occasional updates on the progress of this important initiative.