Data privacy.

Two former Google executives recently launched the Privacy Compliance Hub, a platform to help organizations—and not just their attorneys—manage their data protection efforts in ways that are demonstrable to General Data Protection Regulation (GDPR) regulators.

Privacy Compliance Hub co-founder and attorney Nigel Jones said the platform evolved from regular concerns that technology companies and others brought to the legal consultancy he runs with co-founder Karima Noren. Jones, formerly the director of legal, EMEA at Google, and Noren, formerly Google's head of emerging markets, found that the questions companies came to them with indicated that most companies needed a little more help establishing protocols and policies around their data.

“It was quite obvious that they didn't realize that this new privacy law wasn't just something that they could just put on their website,” he said of the regular corporate approach to GDPR. “That was all rather unsatisfactory.”

Jones and Noren found themselves regularly putting together ad hoc systems for clients to manage data privacy compliance, often building systems from a set of Google-based tools and Dropbox. The hub is part of an effort to formalize these systems to ensure that companies have effective tools to demonstrate and monitor their compliance. “What we've developed now is the next generation, from being unsatisfactory to a DIY solution to a platform clients can use,” Jones said.

In part, the hub operates on the notion that lawyers are not, in fact, the best people to address company concerns about data privacy compliance. “When somebody says 'compliance,' they start looking at the lawyer,” Jones said, adding that even with industry expertise, attorneys are often not positioned to address those concerns appropriately. “We realized that we didn't have the answers to the questions. If someone asks us, 'What security measures should we put in place to makes sure this data is safe?' I can have a very good guess, but I'm not an IT professional. I'm not a security professional,” he said.

Jones pointed out that even if privacy compliance questions are shifted away from attorneys to a more technical staff, they still have work to do, especially where GDPR preparation is concerned. “You do have a very important role to play. But I'd say that teaching an organization how to care about privacy is probably not the job that they're good at,” he said.

Jones said that, as with many technology infusions to legal work, the Privacy Compliance Hub can help attorneys redirect their time for efficiency. “Do you want to have your junior attorney drafting a privacy policy, or do you want your team advising on a very interesting, difficult, high-value piece of work?”

The hub also uses a flat fee structure, charging a $21,000 upfront and a $2,800 annual fee for updates. Jones said that establishing a price point was a little tricky, but the general fee structure with a recurring fee for updates is likely to stay in place. “There's a value in that that there may be a charge for, but I think there will always be a fixed fee,” he said.

Jones hoped to assuage fears for those who don't have a fully compliant data privacy infrastructure in place yet, and are unlikely to exactly meet the May 25 deadline for GDPR compliance. “There's no need to panic. If you're not compliant on the 25th of May, you won't be the only one. I think that you should certainly be getting ready now even if you're not completely ready by the 25th of May,” Jones said.

“By not getting ready now, the risk you're taking is that one of these unfortunate mistakes comes, and you're now under a duty to show the regulator, and you won't have anything to show the regulator,” he said.