Legal and compliance leaders should ignore the hype and focus on the legal and compliance technologies most ready to assist in corporate governance in the next few years.
Blockchain, smart contracts, governance of artificial intelligence (AI) and prescriptive analytics are just a few of the technologies noisily heralded as transformative for compliance and legal operations, but few of these technologies have yet passed through the inevitable hype to deliver any meaningful impact.
That’s not to say they are without promise, but legal and compliance leaders should choose wisely.
“Legal and compliance leaders need to start with a problem with real business impact that needs to be solved and then figure out how technology can help — now and in the future,” says Zack Hutto, Director, Advisory, Gartner.
“By focusing on these four Hype Cycle technologies, you can narrow a bewildering range of technology into those best positioned to solve the most significant problems facing corporate legal departments today,” says Hutto.
1. Enterprise legal management (ELM)
Just as enterprise resource planning (ERP) has overhauled the finance function, so too there is promise that a foundational and integrated system of record can improve in-house legal operations and workflows. This is a multifaceted market where several vendors are trying to consolidate many of the technologies on this year’s Hype Cycle into unified platforms and suites to streamline the many aspects of corporate governance.
There is a lesson to be learned from the evolution of ERP, however, in that so-called “monolithic” systems tended to lack flexibility and were unable to respond to changing business conditions, quickly becoming anchors, not sails.
Resist the temptation to shop for ELM solutions without appropriate planning. Legal application leaders and general counsel should first identify their desired business outcomes, and only then find the technology that fits. Think of ELM as a framework to help coordinate and prioritize legal and corporate compliance-related technology investments over a multiyear period.
2. Subject rights requests
Under modern privacy regulations, a data subject has the right to access their data, amend it or request that it be erased. The demand for such subject rights requests (SRRs) is growing along with the number of regulations. (Current regulations include the California Consumer Privacy Act in the U.S., the EU’s General Data Protection Regulation and Brazil’s Lei Geral de Proteção de Dadosis).
Organizations typically handle SRRs through their internal legal counsel. This limits the exposure to liability from inadequate responses or responses leaking restricted/privileged data, but SRR demands are stressing thinly stretched organizational capacity.
“Organizations spend, on average, $1,406 per subject access request”.
The cost of handling SRRs already weighs heavily on organizations. According to the latest Gartner Security and Risk Survey, organizations spend, on average, $1,406 per subject access request (SAR). The majority of respondents (83%) needed at least a full working week to respond to each request.
In the face of these rising request volumes and significant costs, organizations must both define (or refine) their existing processes for handling SRRs and consider compliance and legal technology tools to automate part, if not all, of the SRR management workflow.
3. Predictive analytics
This is a well-established technology and the market is mature, so it can be relatively simple to use “out-of-the-box” or via a cloud service. Typically it’s a form of advanced analytics that can examine data or content to answer the question, ”What is likely to happen if…?”
Prepackaged solutions, however, are unlikely to offer pretrained models for every analytics use case in your organization. They may also lack agility or customization options. So, as per prior guidance, be wary of purchasing a technology in search of a solution.
Legal and compliance adoption of this technology is typically less mature than other business functions. There are likely many untapped use cases where a prepackaged solution could offer benefits, as well as expertise within the wider organization. The key is to begin with the business problem that needs solving, and then look for a predictive analytics solution that can do so.
4. Robotic process automation (RPA)
This technology is best-suited to automating legacy applications that have a standardized user interface or control dashboard for which scripts can be written to automate routine, repetitive, rule-based, predictable tasks.
The potential for RPA to streamline such workflows and free employee time for higher-value activities is well-established. The catch here is that many legal departments don’t use these systems in the first place. In situations where legal departments are using such systems, RPA can make a significant impact and the market is mature.
If they are not already in place, it might make more sense to take a more long-term view and invest in systems that have automation functionality built-in, rather than adding it via RPA.
