The General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA) are both now in force.
The GDPR and the new DPA are far more onerous, complex and far-reaching than the previous Data Protection regime. Wider enforcement powers mean greater risks for your Firm, and for everyone in it, if it fails to comply. Key aspects include the Firm’s accountability for the new Principles and the appropriate lawful grounds for data processing.
Penalties under the GDPR alone include fines up to €20m or 4% of your annual global turnover.
Securing compliance with both the GDPR and the new DPA is an ongoing process. Given the level of risk, it must be at the top of the Risk Management Agenda of every prudent Law Firm.
What does this mean for your Firm?
GDPR and DPA compliance requires all Firms to have in place:
Compulsory Training for all Fee Earners and Support Staff
New Firm-wide Policies & Procedures which are fully GDPR & DPA compliant
A clear, Risk-based approach specific to your Firm (e.g. Data Audit & Mapping, Internal Records)
Lawful Personal data processing
A clear and accountable Firm-wide compliance culture