One of the most important documents in any legal team is the Legal Strategy. This foundational document for any legal team can have various forms and shapes, but the essential common denominator would be the vision it has for the company. The strategy can be based on two views: a conservative or a visionary one.
Both views have their respective benefits, in the first, more conservative one, any changes would typically be done at a slower pace with a higher degree of bureaucracy and approvals (more stability), while in the second one any changes would be much easier to implement as they would be seen as an element of progress and challenging the status quo of how the things are done with the view of ultimately improving not only how the legal team works but what type of impact it decides to have in a company (agility and innovation). It can have implications on how the existing role is seen by the leadership, as a mandatory cost center in charge of legally validating business decisions and ensuring legal compliance in all company operations or as a business partner which can play its revenue-generating part by ensuring the company’s legal compliance, process efficiency, proactive legal compliance and compliance by default. This is essentially linked with the risk matrix any legal team has in place (formal or informal) for assessing the extent of a process flexibility and required approvals flow.
Legal Digitalization Strategy
Supporting the growth of the company can be achieved by making even minor changes to an existing process where unnecessary steps are removed once they are objectively analyzed in terms of compliance value versus the potential risk level it would invite. For example, if a company’s policy is paper based all the subsequent process deviations or notices for the policy’s applicability will need to follow the same route which means that there is a very small possibility to meaningfully improve the steps in that policy such as digitalizing one or all of the steps and activities under the scope of the policy. The same thing can apply to other processes, where if you can replace or improve a step in the puzzle, it will essentially act as a vital change factor which will trigger a snowball effect.
For example, if you decide to implement e-signatures for the company’s contracts, you will change and improve a lot of other processes that relate to contract management. Paper based ones will become obsolete, costs with paper-based signatures, mailing, time and costs saving, security and process efficiency will be improved. Digitalization of the company’s contracts will kickstart process and document automation, efficiency, integration with other company tools, security and better visibility. The increased level of employee and customer satisfaction triggers a better and more optimized sales process in which legal is playing an important role in accelerating sales and customer adoption of the company’s products. The same logic can help legal teams ensure that the company is able to scale without any disruption based on potential internal operational deficiencies which legal can control or influence. Being one of the teams that can touch any process in the company, the legal team has the great responsibility and opportunity to put in place processes which would proactively allow it to assess the situation in all company’s functions. This provides an unparalleled overview for the legal team in everything that happens and an ideal position to prevent any possible non-conformity with the law which would otherwise trigger huge costs and liabilities.
In terms of practical implementation, this can be done by looking at how the legal team is currently providing support to various functions in the company and how that support is integrated in the way in which those functions are working. Only by attaching the legal team’s processes to the various functions’ tools and workflows can this proactive approach succeed and legal can have a bird’s eye view over all major things that happen in the company. It is far more efficient to design the legal support request in the tools where those teams are working than to put in place a special legal tool and ask those teams to use it whenever they need legal support. It should be the other way around: legal should be present in their stakeholders’ tools and workflows and add any specific legal processes or tools only when those existing ones do not address the specific need legal is required to address. For example, if the company is using a project management tool which is used by one or more functions to do their work, it would be better to design a simple legal request form in that tool describing how and when it should be used by those teams instead of putting in place a separate legal dedicated tool to support those functions. It is both a re-usability and an efficiency approach which can ensure that legal-related goals are achieved with minimum costs (the legal team can get licenses under those functions’ budget or allocate legal budget to get additional licenses – in both scenarios this is a more operational and cost-effective approach than putting in place a legal-specific tool).
Another example would be the support of the sales team which is the first line of contact with the customers. It would be far more efficient to adapt the way legal reviews and approves revenue-generating contracts by putting in place workflows in the sales related enterprise tool where the entire process can occur than to put in place a special contract management platform where the sales team would need to work in together with legal. It is also important to consider consolidating and limiting the number of tools used for supporting the company and various functions to those which are generally available already in the company and are known by the employees instead of adding numerous tools to achieve niche legal objectives. The same principle is applicable to other functions as well which should only implement software which is critical for their activity and an existing company-wide used tool is not re-usable for those tasks.
Digital Legal Team
Implementing a legal digitalization strategy is equivalent to a paradigm shift in the way the legal team will work. This strategy will create the context for achieving a digital legal team – a team whose processes and documents are thought of as digital by default. Ensuring that the legal team is not only a participant but also a driver in the digitalization efforts of the company needs to be one of the main objectives of the legal team, as it is an element in mitigating legal risks for the company.
One relevant example is the adoption of the General Data Protection Regulation by the European Union which placed companies which were heavy personal data processors (both for their employees but also their customers) in a difficult position trying to figure out the operational mechanisms capable to ensure their compliance with the new privacy requirements. Privacy by design and privacy by default, data subject requests, data access and data portability, data minimization and data mapping of all used data, including company users, tools, purpose, types of data and categories corelated to the business purposes for which that data is being used are only some of the challenges brought about by the General Data Protection Regulation.
Nevertheless, these challenges can be better overcome with the right digital processes in place in combination with legal advice. There are several steps that can be taken proactively to ensure privacy by default and by design:
- The most important one is raising management awareness – which can be achieved through 1:1 discussion with the leadership team (they need to understand first of all the legal requirements to ensure that they can properly decide on the business impact and product strategy).
- Another step is putting in place a privacy-specific training program – which once it is put in place can be implemented with the management’s support for all employees on a recurrent basis.
- Having a Privacy Task Force is another way of improving privacy compliance. Such a team should be formed of employees from every team (or one employee for every two-three teams but who has the needed knowledge of those teams’ operations) which has or can have a privacy impact (either via the tools used, process involvement or job description). This can be an informal team (there is no need to put it in charts) where the Privacy Officer is having some quarterly or more frequent meetings to provide more direct support and discuss any issues in terms of future product development plans, new products or features.
- Disseminating a Recurring Privacy Questionnaire – across the company asking employees to list their main activities and if they have access to any personally identifiable information is a good way to double check if a particular process is as it should be or if there is unneeded access to the data.
- Implementing a Product Privacy Request as a form in the tools where the product and engineering (can be different depending on the company’s profile) teams work and collaborate to ensure that this request is a mandatory step in the management process of the release any new product or feature. It is vital to have the legal team involved in the product release management process to validate if privacy by design or privacy by default principles are observed.
Certain parts of the abovementioned privacy matters can be automated so that you avoid possible non-compliance, for example, you can use a software robot to create product privacy requests and ask the teams to reply to specific questions. You can even automate data subjects’ requests regarding the processing of their personal information starting with the user’s initial request, including the data mapping process, and finishing with sending the relevant response to that user so that the entire process is fully automated and there is no unnecessary human intervention.
A similar approach can be taken for the contractual processes where (as mentioned above) process changes such as implementation of e-signature can trigger end to end digitalization and automation with software robots. These software robots can play an essential part in ensuring that the company runs as automated as possible with key supervision and management by the employee process robot owners.
Also, it is much easier to put in place business continuity plans in case unforeseen events occur when digital by default is the legal team’s philosophy. Putting in place digital processes and documents creates the premises for simplification and standardization which allow for automation to be applied, as well as better interaction with all other functions. For example, in case of force majeure events ensuring that the organization can continue working is critical. This can be achieved with the right digital processes and automation. Every company should have business continuity procedures in place which should be an accurate reflection of the company’s processes implemented by various teams. This shouldn’t be one of those boilerplate policies and statements where they sound good on paper but there isn’t actually any practical reflection of those principles in the company’s operating procedures. Key topics on business continuity with a significant focus on digitalization irrespective of the nature of the activity should be clearly spelled out in company policies and applied to a clear technical and operational framework. For instance, in respect of data processing activities, using the existing framework will ensure a sustainable business continuity by properly considering Tools (which are used to process data), Processes (business reasons, type and extent of the data processing) and People (the data subjects, as well as the employees involved in data processing activities or with access to the tools used in data processing). Having a clear map of these matters can help establish and continuously monitor the level of business sustainability, continuity and compliance. These are the elements that can help put in place the right digital framework for a company with the help of the Legal Digitalization Strategy.
Outcome: Automated Enterprise
A digital and automated enterprise can only happen if all functions have a digital strategy as a guiding factor in the way they think about their activities. Putting in place this framework for their respective function with the help of the IT department will help achieve an enterprise-wide consistency and efficiency of the tools used in the company. Despite the initiative to transfer into a digital format, operational processes of the legal team can also be assumed by a Chief Information Officer. It is not necessarily an organic approach but rather a forced one from another business function, since the IT department, albeit one deeply involved in all the tools and systems of the company is at the same time unfamiliar with the necessities and objectives of the legal team or other business teams. The IT department is the owner of the way these tools are integrated in the wider digital strategy of the company and is not responsible for the outcomes that the teams implementing them pursue. This is one of the reasons why the legal team needs to be the driver for their function first and subsequently for the other ones, to ensure that the digital legal processes they implement have a technical correspondent in the function they are required to support. One way to do it is to maximize the value of the tools any company is using and which we can call already the company essential tools, such as those used for generic digital infrastructure: storage, project and document management, security, automation (Microsoft Suite, SharePoint, Google Suite, Gdrive); and specific digital infrastructure: account creation and planning, analytics, time and team collaboration (Sales Force, NetSuite). As these company essential tools can be found in any company (in this or another form), it is very important to understand how to use these ubiquitous tools to digitalize the legal team’s work. The company essential tools offer the unique advantage and opportunity for the legal team to tap into each and every one of the company business teams to ensure legal compliance and legal enablement for these teams to achieve their business objectives faster, more efficiently and more simply in a legally compliant manner. By creating the venue through the company essential tools to offer legal support to the company, the legal team can digitalize all its workflows and processes by including them in the company essential tools.
By understanding the company’s existing digital landscape and its processes, the legal team can effectively become an agent of meaningful and positive change. It can design its own way of doing things matched to the company’s technology and operations framework by re-using company essential tools for legal-specific purposes ranging from better covering the legal requests in the company to designing new processes that will help expand its business and customer base.