All Law Firms hold significant amounts of ‘Data’ about Clients and others – much of it highly sensitive and confidential.
The General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA) are both now in force. This new Data Protection regime will strengthen the rights of individuals, give them more control over their personal data and place far greater burdens on Law Firms. Given the volume of ‘Data’ (all past and current Clients, Employees and third Parties) held by Law Firms and the methods used to process it, Firms must now ensure sufficient Training and resources to implement these obligatory changes.
Harsher penalties include fines of up to €20m or 4% of annual global turnover.
Law Firms must create and demonstrate a risk-based Data Protection regime (Policies, Controls and Procedures) tailored to their Firm. Firms must therefore gear up their systems, controls and internal staff awareness to be able to demonstrate their ongoing GDPR and DPA Compliance with this new and harsher regime. This process will continue long after 25 May 2018.
What is the most effective and protective action your Firm should now be taking?
Our Data Protection & GDPR Consultancy combined with our Data Protection & GDPR In-House Training will support your Firm to ensure that it has fully prepared its Procedures, Staff & Systems for your Firm’s compliance with the GDPR and DPA.