With the May 25 deadline fast approaching for companies to comply with the European Union’s General Data Protection Regulation, many smaller companies have yet to take action, stymied in part by the high cost of compliance. A recent survey by the law firm Paul Hastings said that Fortune 500 companies will spend $1 million on average to comply, and a PwC survey found that companies that had finished GDPR preparations had spent from $1 million to $10 million.
Even for a small company or non-profit, the cost of paying a lawyer to prepare all the documents that the GDPR requires could be as much as $100,000, estimates Kimball Parker, a lawyer with Parsons Behle & Latimer in Salt Lake City. “You need to generate a mind-numbingly complex set of compliance documents, and then you need to implement it all, put those policies and procedures into place.”
Recognizing this, Parker’s firm — through its newly formed innovation subsidiary Parsons Behle Lab, of which Parker is president — developed a platform that generates the legal documents a company or non-profit would need to comply with the GDPR, and to do so at a fraction of the price of paying a lawyer.
That platform, called GDPR IQ, is launching today. It generates the complete set of required policies, procedures and proof-of-compliance documents. It is the first automated tool that creates the full set, Parker says.
The GDPR, of course, is the EU directive that governs how organizations collect and process the personal information of individuals in the EU. Research by security firm HyTrust shows that 78 percent of the millions of affected U.S. businesses and nonprofits do not have a plan in place to be compliant by the deadline.
Works Like TurboTax
I have written before about Parker, in his role as director of the LawX Lab at BYU Law School, a legal design lab in which law students design a solution to an access-to-justice problem. In January, LawX released its first application, SoloSuit, an online tool to help low-income individuals prepare responses to debt-collection lawsuits.
Parsons Behle Lab licensed the document-assembly platform created for SoloSuit and adapted it to use with GDPR IQ. Parsons Behle attorneys created the legal documents, which they then had reviewed and verified by a GDPR law firm in the EU.
The process of creating the documents is similar to using a platform such as TurboTax. The user is first asked threshold questions to determine if it is subject to the GDPR. If so, the user is then prompted to set up an account and can begin the process of creating documents. There is no charge to begin the process — the user pays only at the end if it chooses to download the documents.
Once a user signs up, it is taken to a dashboard where it is led through the process of creating the full set of documents. For each document, they system asks them the series of questions needed to complete the document. Parker says that they put a lot of thought into phrasing the questions in plain English, and questions that call for a narrative answer include a sample answer to give the user a sense of how to respond.
The dashboard shows the user’s progress through the various documents. No information need be supplied twice. Once information is given for any one of the documents, the same information is repeated wherever needed in other documents. The user can stop at any time and later resume where it left off. The program adapts to the specific circumstances of each user. For example, if a company operates in five locations, it automatically sets up the questions and forms for each of the five locations.
For a small business, completing the full set of documents should take less than three hours, Parker says. For a larger, more-complex business with many locations, it could take a day or more. But that is still far less than it would take an attorney, he says. At the end, the user receives the full set of documents in Microsoft Word format.
The platform also saves and timestamps the current and all prior versions of every document, so the user can have a record of when a document was created or revised.
GDPR IQ Cost
A user can go through the entire process without cost. Only if the user decides to download the documents is there a charge.
For the full set of documents, the charge is $10,000. For only the GDPR procedures and policies documents, the cost is $5,000.
Nonprofits that serve refugees and international adoption organizations can use the program for free. Other non-profits receive a 50 percent discount.
For users who want additional help, the platform allows them to connect with a Parsons Behle lawyer.
The platform also provides a list of “trusted vendors” for users who need a lawyer in the EU or help with technical compliance, insurance or accounting.
“GDPR will affect every company that has anything to do with Europe,” Parker says. “Companies shouldn’t wait — they need to start taking steps to be compliant.”