Examining E-Discovery Statistics: Is Cross-Border E-Discovery a Meaningful Distinction Anymore?

In this entry in our series on interesting e-discovery data points, I'd like to dig into a topic that's been receiving a lot of attention--and will continue to do so for the next month and a half at least: GDPR, cross-border discovery, and the increasing conflict between organizations' domestic e-discovery obligations and international privacy regulations. Norton Rose Fulbright's 2017 Litigation Trends Annual Survey covered the question of international regulations with a couple of data points, and at the surface level, they tell two very different stories about the intersection of e-discovery and international regulations.

The first data point looks at the relative proportion of legal matters that require cross-border discovery. From this perspective, one could be forgiven for thinking GDPR's impending arrival is essentially a big fat nothingburger, with 80% of respondents having limited exposure (at best) to legal matters with cross-border discovery requirements. These organizations could conceivably think that GDPR compliance is not a big concern for them. 

However, immediately after this question, it turns out that framing the question in a different way considerably changes their perspective. 

Consistent over the past two years, more than two-fifths of respondents to the NRF trends survey have had to balance data protection regulations in one jurisdiction with their discovery obligations in another. So even if the case itself doesn't "cross borders," there's a good chance that the data involved will--a good enough chance that organizations should consistently pay attention to the delicate balance between data protection regulations and discovery obligations.

The fact of the matter is that large enterprises' data sources are so broad that most legal matters have the potential to have cross-border (or cross-jurisdictional) data protection concerns. For such organizations, GDPR compliance isn't optional--it's mandatory. And the time for "assessing" and "planning" is past. GDPR becomes enforceable in just six weeks' time. 

International organizations, and especially their in-house legal departments, must have in place not only processes and technology that can help address these conflicts; they also need to successfully change the culture of their organizations to a point where e-discovery practitioners--litigation support teams, paralegals, and IT professionals included--recognize and resolve cross-jurisdictional concerns as a matter of practice.

To find out more about what such an organizational culture would look like, register for the upcoming Exterro and Yerra Solutions webcast, GDPR Is Here. Now What? on May 9th.