GRC & the General Counsel – Achieving Defensible Data

We highlight here findings from the “2020 Legal Leaders’ Report,” sponsored by Today’s General Counsel.

For most Legal Leaders, the biggest challenges have one thing in common: how to defensibly manage their organization’s data.

This is due largely to the implementation of new data privacy regulations in Europe and the US that feature consumer rights to include a “right to be forgotten.”

Legal Leaders ranked the following challenges in 2020:

  1. Preventing a data breach
  2. Responding to discovery request for new data sources
  3. Responding to consumer requests

One issue noted was only two departments directly involved in risk mitigation efforts are very likely reporting to the GC: Legal Ops and Litigation.  It’s imperative that GCs play an integral role in establishing a defensible strategy within Compliance activities. Privacy, Security, and Ethics report to the GC a little less than half the time.

Legal Leaders believe the General Counsel’s scope of influence is likely to continue expanding for the foreseeable future, primarily due to growing risks surrounding:

  • Data Breaches
  • Data Privacy
  • Increasing Litigation
  • COVID-19

 Managing Data

Directly specific to COVID-19, Legal Leaders say they’re most worried about the surrounding legal obligations regarding management of employee data, given the influx that some departments are facing.

3-out-of-5 GCs are either concerned or very concerned about new data privacy laws:

  • CCPA is the top concern
  • GDPR ranks second
  • Other state laws coming ranks third

Evolving Data Risks

The reality for us is we are severely overworked, overwhelmed, and understaffed, so the urgent crisis always takes precedence over the ‘we need to do’ list,” says one respondent. “Ironically, that often only changes when the crisis du jour is something that could and should have been avoided altogether by having addressed the subject in a comprehensive way up front.”

7-in-10 don’t have a data minimization/defensible deletion program in place. Organizations that store too much data – particularly those governed by data privacy regulations – and don’t enforce retention policies are sitting on a timebomb that could blow via a data breach or litigation.

4 takeaways from the report:

  1. The General Counsel’s Business Influence is Growing
  2. Most Compliance Challenges Start with Defensibly Managing Data
  3. A Comprehensive Data Management Strategy is the Only Way to Overcome Evolving Data Risks
  4. Comprehensive Data Management Means Enterprise-Wide Collaboration Led By Legal

If you are interested in learning more about a platform that enables risk mitigation of data governance and data privacy, Schedule Demo 

Leave a Reply

Your email address will not be published. Required fields are marked *