Choosing the right privacy compliance software is complicated, especially for organizations with operations spanning multiple jurisdictions, extensive operations, or complex, high-volume activities. This guide helps those who are motivated to comply with multiple privacy laws, especially if they would be held accountable for demonstrating compliance.
Across the globe, organizations are preparing for GDPR compliance as the May 25th implementation date looms. And while the legislation does present a number of widespread changes to privacy management obligations that will be uniform across the EU, it will also be interpreted and regulated in myriad ways across each of the member states. Individual nations are beginning to release their own obligations further to the GDPR, and for organizations processing data across multiple countries within the EU, keeping up with the details of each region’s specificities is a daunting task.
Privacy Compliance Software
Over the last several years, the market has been flooded with software solutions to solve a variety of privacy management challenges. Choosing which software will effectively mitigate risk, build accountability, and help achieve ongoing compliance can be complicated. To streamline the procurement process, and take the guesswork out of choosing the right vendor for your needs, today we are going to share everything you need to know about finding the right legal research software provider.
Privacy compliance software falls into three categories:
Legal research software, which develops a deep understanding of privacy compliance obligations.
Privacy office support software, which builds and maintains a privacy program that demonstrates ongoing compliance.
Privacy management software, which automates complex or high volumes of privacy management activities.
Today, in part one of a three-part series, we will be taking an in-depth look at the first type of privacy compliance software: Legal research software. In parts two and three, we will detail the advantages of the remaining two types of software solutions.
How legal research software can help
We consider legal research software to be the fundamental support software for the privacy office. Why? Because it provides all the necessary information to understand privacy obligations across multiple jurisdictions. It provides this information either on-demand (for example, in a searchable database), or proactively (with notifications in the form of alerts, reports, or push knowledge). The key here is that legal research software enables the privacy office to advise on compliance, armed with up-to-the-minute knowledge, and a thorough understanding of current legal requirements.
The fundamental aspects of legal research software
There are four essential components to the functionality of legal research software:
1) Enabling ongoing compliance
Compliance is, by nature, an ongoing process. The landscape of legislation is constantly changing, with new obligations arising frequently. A simple misunderstanding of a regulation can result in restrictions on the business; and given how long (and sometimes vague) the guidelines published by regulators and authorities can be, the risk of misinterpretation is very real.
In order to remain compliant, the privacy office will require access to information published currently and historically. Thorough legal research software must provide both a quick executive summary view, and a structured operational analysis of any and all authority documents that may impact compliance. This includes regulator decisions, guidelines, and court documents.
2) Detailed legislative knowledge
Under many circumstances, the privacy office will need to track down detailed provisions for a specific activity or business need. Having to comb through this legislation manually can be overwhelming, and sometimes even impossible if the legislation is written in a language other than your own (as is often the case with foreign jurisdictions).
Thorough legal research software analyzes legislation according to specific requirements, based on existing research. In many cases, the software will even offer a search function to identify requirements in the law, sometimes in the form of a customizable chart or table.
3) Keeping informed
Legal research software companies make it their business to stay informed on the key developments in privacy compliance, including regulator decisions, regulator guidelines, court cases, bills, and legislative changes. They are then able to pass this current information gleaned from privacy news feeds and law firm communications over to the user.
4) Advising stakeholders and informing others
One of the responsibilities of the privacy office is to inform others within the organization of their compliance responsibilities on an ongoing basis. Legal research software enables the privacy office to quickly respond to business requests with up-to-date information.
The two delivery methods of legal research software information
Within a legal research software platform, the privacy office can access information in one of two ways:
1) On-demand knowledge
Solutions with on-demand knowledge provide the ability to search and find specific information when required. Additional functionality may include pre-packaged research such as comprehensive comparative legal charts and maps.
When choosing a vendor, be sure to investigate the following:
Their research department: They’ll need to have a dedicated team of privacy professionals to conduct the ongoing research and have a proven methodology for analysis.
How they analyze legislation: Make sure that they provide both provisional and summary breakdowns.
Links: Research should provide the links to relevant court documents and provisions of law to ensure a quick lookup.
Language: If your primary language is English, make sure that the provider translates source documents written in other languages into one that you understand.
2) Push knowledge
Solutions with push knowledge provide information customized to arrive in the form of a daily relevant compliance alert, a monthly report, or an updated chart.
When choosing a vendor, be sure to evaluate the following factors:
Customization: Good legal research software will provide the ability to customize push alerts to the individual receiving them. In this way, the information being delivered will provide all the relevant information that the individual needs, and no excess information that is irrelevant to their role.
Licensing: Push knowledge should provide the ability to freely inform others. Review the terms and conditions of the licensing carefully to make sure that it can be shared as needed.
Crafting a business case for legal research software
Three key factors that should spur the decision to procure a legal research software solution are compliance, risk, and accountability.
Compliance is an ongoing process, requiring the discovery of legal obligations and regulatory expectations on an ongoing basis. As obligations and expectations change, the privacy office will need to remain informed, so that they can inform others throughout the organization. For both existing and new data processing operations, legal research software can make this goal a reality.
There are many risks that good legal research software can help to mitigate. These include not only the risk of non-compliance (including penalties), but also the risk to affected data subjects, and the risk of violating contracts with third-party processors.
Legal research software demonstrates to management, auditors, and regulators that the privacy office is monitoring compliance obligations on an ongoing basis. Its use demonstrates that timely advice is being offered to the business, and that the privacy office is continually updating policies and procedures.
Two additional categories of privacy compliance software
In parts two and three of this series, we will take a closer look at the remaining two categories of privacy compliance software: Privacy office support software and privacy management software.