Many business challenges—such as complying with privacy laws or implementing robust data minimization policies and procedures—now span organizational units. In terms of legal and compliance, those challenges break down primarily into three major threats:
- New data privacy laws that grant consumers new rights over their personal data
- Data breaches and the resulting fines and reputational risk involved
- Ensuring preservation of relevant data for criminal or civil litigation
The converging priorities among Legal, Privacy, Compliance, Security, and IT teams within global enterprises have created a new reality for Chief Legal Officers and General Counsel everywhere: evolving regulations and laws mean that Legal departments now have more influence over processes and technologies that can help mitigate increasing cybersecurity, privacy, and compliance risks. For the most part, those risks can be boiled down to how an organization manages its data.
To ensure organizational defensibility against the three data-driven threats outlined above, a new corporate data governance strategy is needed—a Legal Governance, Risk, and Compliance strategy—and it starts with knowing the answers to the following five questions:
- Where does your data live?
- Who owns it?
- Which regulations govern it?
- Which third parties have access to it—and how do they use it?
- How much data do you really have?
These are the foundational questions that will make up the centerpiece of a Legal GRC strategy. Because understanding your data is so critical to regulatory compliance, it all starts with the answers to these five questions—which means having an up-to-date data inventory that can connect to all data sources across an entire enterprise.
This concept is equal parts old, new, and happening whether we like it or not. Many organizations have a data inventory, although it is not kept up to date. This old data inventory is now a threat due to new data privacy regulations that offer consumers unprecedented rights to the data housed at organizations that fall under their purview. And because the stakes are incredibly high in terms of monetary and reputational penalties, it's now more critical than ever to store only data that is necessary for business purposes and to remove data that has moved beyond its retention period. And this is before we even get into the consequences for e-discovery, litigation, and breaches.
Read more about what a Legal Governance, Risk, and Compliance strategy is, why it’s needed, and how one can be implemented at your organization by downloading our whitepaper on Implementing an Enterprise Legal Governance, Risk, and Compliance Strategy.