In today’s technology-centric world, data is everything to everybody. As our personal lives and business strategies become ever more digitised, companies are placing greater value on the data they collect and are using this to drive decision-making and inform priorities.
The twin challenges of data privacy and data security are front of mind for all businesses, whether that’s financial institutions analysing consumer data and spending data; healthcare and life sciences companies tracking patient data; or tech-enabled consumer goods firms using customer data to drive algorithms and shape the products of the future.
Every organisation needs to keep abreast of fast-moving developments and ensure they have the correct skills and experience within their teams to address data challenges. Where rapid upskilling is required, or additional resource is needed to respond to pressing needs, interim support can be a great solution.
Regulatory change puts pressure on in-house resources
The increased scrutiny now coming from regulators looking into corporate data practices is a particular issue for businesses. Rules are new and evolving, with data protection fast becoming a highly regulated space where the consequences of non-compliance are significant. Under the EU’s GDPR legislation, for example, companies are liable for fines of up to EUR20 million or 4% of annual turnover for infringements. This increase in regulation has placed further pressure on in-house legal teams that are frequently without the available talent to respond.
Consumer awareness around data protection is on the rise, leading more customers, employees and other stakeholders to ask companies questions about the data they hold. Under GDPR, individuals now have the right to access and receive a copy of their personal data through data subject access requests – figures from the UK Data Protection Index suggest companies are dealing with more than ten such requests a month.
Plus, further regulation is gaining impetus. The European Commission recently published draft legislation to regulate the use of and access to data generated in the EU across all economic sectors. Unlike GDPR which focuses solely on personal data, the Data Act 2022 aims to capture almost every type of information that can be digitised and stimulate a competitive, innovative and open data market. The European Commission has estimated that the amount of data being generated is set to increase from 33 zettabytes in 2018 to 175 zettabytes by 2025, and it wants to regulate to achieve a fairer distribution of the commercial value derived from that data.
In the meantime, the outcome of the Schrems II judgment from the Court of Justice of the EU in 2020 continues to have ramifications for businesses. That ruling invalidated the Privacy Shield that had previously been relied on to legitimately transfer data from Europe to the U.S., having a significant impact on EU-U.S. data transfers and forcing many organisations to update their programmes to rely on alternative data transfer mechanisms.
The pace of regulatory change and the global nature of the scrutiny mean many companies need experienced, highly skilled interim resources to drive forward projects in response to new rules. When it comes to staying on top of changing regulations, Peerpoint consultants have a real edge, in that they are able to call on A&O’s network and other Advanced Delivery and Solutions business. Our legal consultants can then help businesses address changing rules and requirements across jurisdictions, as well as support training and upskilling in the existing team for the longer term.
Delivering on quick response times
With so much value now attached to data, companies also need to have strategies in place to respond quickly and robustly to both requests and breaches. We regularly see demand for legal consultants to support the design and set-up of such data protection strategies in collaboration with other key stakeholders. UK government figures show that 39% of UK businesses were subject to a cyber attack in the 12 months to summer 2022, with 31% of those saying they had experienced attacks at least once a week. In the U.S., the 2021 Thales Data Threat Report similarly found 45% of U.S. companies had been subject to a data breach, and the scale of the threat continues to increase.
Geopolitical instability has been shown to be increasing the volume of cyber-attacks, upping the ante for businesses still further. A strong and timely response plan requires collaboration across various teams within a company, including public relations, IT and data security, legal and human resources. Making sure those approaches are agreed ahead of time – and policies and procedures are in place to satisfy regulators of corporate preparedness – is typically an additional responsibility of the in-house legal team and an area to which an interim lawyer can add market knowledge and support.
Addressing the talent challenge
With data protection requirements adding additional workflow to already stretched legal teams, many are seeking to address the urgent need to upskill their data capabilities. The type of support that companies are looking for from interim resources varies but often includes on-demand back-up to help with high-volume needs around data subject access requests. This used to be a big issue primarily for companies operating in the consumer marketing space, but now all businesses are dealing with growing volumes of requests from both corporate clients and individuals.
Supporting efficient upskilling
When it comes to training, there is an expectation today that all lawyers will have a degree of data protection knowledge. Consultants can assist with upskilling in-house teams on the basics, ensuring all lawyers in the business are cognisant of the data elements that should be present in both employment and commercial contracts, and identifying further training requirements that need addressing. For example, a Peerpoint consultant has recently helped an investment manager on the impact of Schrems II and also trained the rest of the legal team by way of upskilling them for the future.
Given the current state of the talent market, bringing in a legal consultant to support the existing team can be an easier solution than seeking additional personnel for the longer term. Peerpoint has a sizeable team of data protection lawyers on our panel, available to support clients on contracts of varying durations – on a full-time or part-time basis – in markets around the globe.
Find out more
Should you wish to discuss your data protection needs or any other themes raised in this article then do get in touch with one of the team here.