Even amid a global pandemic, companies are not exempt from compliance with the European Union’s General Data Protection Regulation, which applies to any company that stores or processes personal information about EU citizens, including U.S. companies.
Aiming to make GDPR compliance easier for companies, SixFifty, the technology subsidiary of the law firm Wilson Sonsini Goodrich & Rosati, is today launching a product to help companies automate GDPR compliance and documentation.
The GDPR tool can enable a company to lay the foundation for its GDPR compliance in as little as 30 minutes, SixFifty says. It is an addition to the suite of privacy tools first introduced by SixFifty last May with its California Consumer Privacy Act tool.
Last week, Kimball Dean Parker, CEO of SixFifty, gave me a demonstration of the new tool. Its modules automate six components of GDPR compliance:
- Compliance documentation and contract language for internal policies, contracts and websites.
- Employee GDPR training.
- Data mapping to document the company’s data flow.
- Cookie consent.
- Request management for consumer requests and audits.
- Data analysis to assess risks.
While companies and organizations of any size can benefit from using this product, Parker said, the target market is U.S.-based companies below $1 billion in revenue.
Like SixFifty’s CCPA product, the GDPR product was developed based on guidance from lawyers in WSGR’s Privacy and Data Protection practice and using forms they developed.
“The value of this product is the Wilson Sonsini expertise baked into every part of it,” Parker said. That includes not just the documentation that companies would traditionally get from a law firm, but also the operational parts of GDPR compliance.
“Typically, a law firm would draft documents for you, but the firm doesn’t help you operationalize the compliance,” Parker said. “We get you the documents and the operational aspects.”
Among the documents the product creates are internal policies for data controllers and data processors, contract addenda for sharing data, and a website notice. Parker said the website notice is specifically tailored to U.S. businesses to ensure that they both comply with GDPR and CCPA requirements but also adhere to FTC requirements.
The price for the product will range from $10,000 to $20,000, depending on which of the six modules described above the company decides to purchase. Some of the modules are shared with the CCPA tool, such as data mapping, so a company need buy that only once. For that reason, companies that buy both tools typically pay 50-70% of the full cost of the GDPR tool.
Wilson Sonsini launched SixFifty in February 2019 as a software subsidiary to develop automated tools designed to make legal processes more efficient and affordable for businesses and individuals.