Digital White Papers

O365

publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/914682

Contents of this Issue

Navigation

Page 14 of 33

15 WWW.ILTANET.ORG | ILTA WHITE PAPER OFFICE 365 A New Hope: How to Leverage Office 365 to Mitigate GDPR Risk » Operationalizing the right to be forgoen: Included in GDPR is an erasure (or "right to be forgoen") provision that gives EU citizens the option to require their personally identifiable information to be erased from a corporation's database and made inaccessible to others seeking their information. Many in the legal field are still trying to understand the intentions and interpretations of this aspect of the regulation, but the right to be forgoen will clearly create the biggest challenge among all the responsibilities defined in GDPR. Organizations will struggle to navigate nuances such as paying pensions and maintaining necessary records for employees or former employees that have invoked their right to be forgoen. Microso is working on features within Office 365 that will help corporations manage their obligations to meet users' rights under this rule. Counsel must know of this issue and work proactively to understand possible interpretations of it and establish workflows for the cloud that will allow the organization to comply. » Regulatory enforcement procedures: It is still uncertain exactly how GDPR will be enforced, and what the expectations will be for corporations to self-report when they identify and remediate a violation. While there likely won't be clarity around this until well aer the regulation has gone into effect and we've seen further guidance on this front, it is important for legal teams to build their IG and cloud programs in a way that enables them to identify noncompliance easily and correct it quickly. Again, when Office 365 is set up with strong data governance parameters, organizations will have a much more streamlined and automated way to maintain policies and catch problems before they spiral out of control. Both Office 365 migration and GDPR are proving to be forcing functions for collaboration among cross-functional teams that have not typically worked on mutual initiatives. Legal must be a key stakeholder to inform the organization of the risks, requirements and best practices for minimizing issues. Information security must engage on a periodic basis to ensure proper data segregation and audit safeguards, while IT will own execution and operationalization of the overall IG plan and technology solutions. Microso's efforts to prepare its cloud infrastructure for GDPR compliance will help companies using or migrating to Office 365 strengthen their preparedness and reduce risks. Working toward compliance, even amidst the many unknowns, is critical and can no longer be ignored at this stage in the game. At a minimum, the fundamental areas of the regulation are clear, and provide enough guidance for companies to put the important pieces in place. Claiming ignorance will not be an acceptable excuse for lack of preparation or failure to set up compliant cloud systems once the EU begins to pursue enforcement of the regulation next year. ILTA T. SEAN KELLY T. Sean Kelly Is a senior director within FTI Technology's information governance and compliance services practice. He advises clients on all aspects of ediscovery and information governance, with a particular focus on developing and implementing legal-hold processes and technology and the legal impacts of migrating to Microsoft Office 365. He leverages more than a decade of experience in both legal technology and litigation support to advise clients on evolving technologies and the shifting landscape associated with cross-border transactions for global enterprises.

Articles in this issue

Links on this page

Archives of this issue

view archives of Digital White Papers - O365