Ignacio Chico, Iron Mountain

GDPR has ‘created legal uncertainty’ relating to consent and the destruction of data

The issue of document management raises questions about how law firms and companies can be sure they are ‘not retaining data unduly’ when archiving information

The EU’s General Data Protection Regulation (GDPR) has led to uncertainty in areas such as “consent, legitimate interest and the destruction of data” and these issues need to be further analysed, attendees at a recent Iberian Lawyer event in Barcelona heard.
Participants in the debate – which was held in collaboration with Ecija and Iron Mountain – also said that the fact such analysis was still required was a concern, given that the regulations have now come into force. In addition, another concern expressed by attendees was that there are different criteria applicable to data protection – depending on the sector – and that this has created legal uncertainty.
Destruction of data is another problematic issue, participants argued, partly because companies need to ensure compliance but also be selective, and this means knowing which data to destroy. This also applies to document management in the sense that law firms and companies archive information and the new regulations raise the question of how they can be sure they are not retaining data unduly.

‘Costly process’
Furthermore, companies need to have an inventory of their information stockpiles, but carrying out such an inventory, or digitising archives is a costly process – one panellist highlighted the example of the health sector, in which there are vast, confidential archives of patients’ medical histories.
As the GDPR is now in force, companies need to ensure they have well-designed systems and processes in place for data management, and also need to analyse how to maximise investment in such processes so that they are effective and comply with the new regulations.
Another issue attendees raised in relation to GDPR was the importance of document management. Specifically, there are doubts about how companies can implement internal mechanisms that minimise risks and costs, as well as what structures are required as a bare minimum. In addition, there is uncertainty among clients about what measures need to be taken when it comes to obtaining consent.
Panellists said that, given the GDPR’s continental reach and its application to all companies and sectors, it can be interpreted in a number of ways and that this has created uncertainty. Meanwhile, data protection is also a new theme for many sectors, having previously only been something that concerned IT companies, panellists heard.
While the regulations give companies the opportunity to justify their actions with regard to data, according to event participants, the application of the law also brings complications. For example, some sectors are more sensitive than others to the theme of data protection, panellists agreed. However, the fact that the new regulations have been designed to be flexible to embrace all types of companies and sizes, and not just for multinationals working in various jurisdictions, is seen as a positive step.

Event: Implementing the GDPR in Three Steps
Location: Barcelona
In collaboration with: Ecija and Iron Mountain

GDPR has ‘created legal uncertainty’ relating to consent and the destruction of data

Garcia-Sicilia

iberianlawyer.com

Iberian Lawyer, is a monthly digital magazine, published by LC Publishing, available in Spanish and English. It represents the main source of information in the legal business sector in Spain and Portugal. The digital magazine – and its portal – address to the protagonists of law firms and in-house lawyers. The magazine is available for free on the website and on Google Play and App Store.

In every issue of the magazine, you will find rankings of lawyers, special report on trends, interviews, information about deals and their advisors.

For further information, please visit the Group’s website www.lcpublishinggroup.com

Iberian Lawyer
Registered office: C/ Manuel Silvela, 8 - Oficinas 1 Dcha 28010 Madrid España

Copyright 2022 © All rights Reserved. Design by Origami Creative Studio

SHARE

Share on linkedin
Share on twitter
Share on facebook
Share on whatsapp
Share on email
Share on telegram