Parsons Lab launches an online platform to generate GDPR legal docs
The Utah-based subsidiary of a law firm says this is the first tool to automatically generate a complete set of policies and compliance documents.
Whatever other benefits the upcoming General Data Protection Regulation (GDPR) delivers, we know it won’t reduce the number of documents on the planet.
To help reduce the document-creation workload for small and medium-sized businesses, Salt Lake City-based Parsons Behle Lab is out with an automated online platform called GDPR IQ. The Lab says this is “the first automated tool that assesses an organization’s GDPR needs and generates the complete set of required GDPR policies, procedures and proof of compliance documents.”
The Lab is an “innovation subsidiary” of the Parsons Behle & Latimer law firm. The Lab’s president, Kimball Parker, was the founding director of the LawX design lab at the BYU Law School, where he oversaw the creation of a free online tool for Utah residents that helped them respond to debt collection lawsuits, called SoloSuit.
GDPR IQ, targeted at non-European companies that do business on that continent, is built on the SoloSuit framework. It is currently set up to generate 13 different documents, adapted to the answers given by a company in the platform’s online wizard.
The documents include GDPR internal policies and procedures, text for a consent form that a company may then implement as pop-up windows or overlays, Security Controls and Procedures, tracking sheets for training and requests for personal data erasure or access, a Data Protection Impact Assessment and others.
The biggest generated document, Parker told me, is the Record of Processing, which can be used by the company to track how every location uses every form and how it handles each category of personal data management.
Some companies, particularly in the ad tech sector, are looking to “legitimate interest.” If a company can show it has a legitimate interest in the data, according to GDPR guidelines, such an interest can outweigh the need to acquire user consent for personal data. But many GDPR experts say few companies will be able to validly claim legitimate interest, meaning that consent will be needed in almost all cases.
GDPR IQ doesn’t take a side in this still-evolving argument, but it does provide a Legitimate Business Interest Analysis Form to help a company determine the reasons for its position.
The documents were drafted by GDPR experts at Parsons Behle, then reviewed and verified by an EU-based law firm. GDPR IQ isn’t currently integrated with any other platforms and doesn’t have an API, so all data entry is manual. All documents are date-stamped and stored on the cloud-based platform.
“If you ship [or sell digital products] to Europe,” Parker pointed out, “you run the danger of [liability].” Although the actual compliance will vary by European country, and there will probably only be a couple of dozen enforcement staff in each country, there is also the possibility of individual lawsuits by EU citizens.
And, he said, if your company is ever the target of an enforcement action or a lawsuit, “they’re going to look back to May 25, 2018,” the date GDPR implementation began.
GDPR IQ is only the latest wizard-based tool to assist with compliance. UK-based digital compliance startup Databoxer recently launched its online Consent Wizard, where companies can answer questions about their email marketing and get recommendations and wording about the consents needed.