KM, GDPR and Chinese walls – how to avoid the problems.
Many organisations are concerned about the GDPR and internal confidentiality issues associated with making all documents public and searchable. But KM does not have to work like that.
|Image from wikimedia commons|
We often come across concerns of internal confidentiality, Chinese Walls, and now GDPR which can make people reluctant to share knowledge.
“We can’t share our project files” they say; “they are full of client-confidential material, they contain details of individuals which must not be made public, and they could lead to conflicts of interest if they cross company boundaries”.
However, as we have often pointed out on this blog, sharing project files is not the same as knowledge sharing. There are two sorts of deliverables from a project or a legal matter – the project/matter documents, and the knowledge deliverables, which are those outputs such as lessons learned and exemplar templates which go into the knowledge workstream. Those knowledge deliverables contain knowledge about the internal processes and the specific subject matter, and should not need to contain anything particularly client-specific, nor should they need to contain details of individuals. They should be more generic, more sanitised, and more useful in terms of updating the corporate knowledge base as they are synthesised with the knowledge which already exists.
In a recent blog, Phil Ayton of Sysero supports this model of separate knowledge deliverables for the legal sector.
The second approach requires more effort than the “redacted bible” option (of sharing redacted project files) but adds more value to the knowledge database by reducing risk, increasing quality and reducing drafting costs on new matters. Instead of simply sanitising documents as they are moved into the knowledge database, firms can enhance them by adding drafting information and including optional clauses. Instead of having multiple examples of the same legal document, firms create a single document with information for multiple uses. As well as making the knowledge database smaller and easier to navigate, sanitising while enhancing the content during the migration process ensures that new matter documents are drafted at a consistently higher standard.
Let’s avoid concerns about confidentiality and GDPR by keeping our project deliverables separate from our knowledge deliverables, and by developing a knowledge workstream of documents that are focused on guidance and on practice, and which do not contain specific client-related or individual-related content.
Or as Phil describes it; “a sanitised, managed repository of know-how”
Tags: knowledge workstream