With just under a month to go until the highly-anticipated introduction of the General Data Protection Regulation (GDPR) across the EU and UK, law firms up and down the country are working hard to put the final measures into place to ensure they are ready for these important legal changes.
Preparing for GDPR is essential for any legal business that wishes to avoid fines of up to 4% of annual turnover and to maintain its standing as a reputable service provider. With just a month left to ensure your data protection strategy complies with the stringent new regulations, now is your final chance to get ready for the introduction of GDPR on the 25th May.
You may already have an in-house team or outsourced server to handle your organisation’s data protection but, unfortunately, that doesn’t necessarily mean you are compliant with the new GDPR laws.
Why is preparing for GDPR so important?
As we have discussed in previous posts, the impact of GDPR could be significant for law firms. With significant fines for a lack of efficient storage and processing of clients’ personal data, and even larger penalties for data breaches, the financial cost of non-compliance is staggering. However, the potential impact on company reputation is perhaps even more pressing.
The current Cambridge Analytica scandal demonstrates the risks of insecure data storage and processing for even the largest corporations such as Facebook. After the data from 50 million Facebook profiles was harvested to influence the 2016 US election, the social media giant came under fire from governments and users alike, causing many to boycott the site.
Besides the legal risks of non-compliance, preparing for GDPR holds many benefits for law firms. The EU regulation aims to streamline data protection law throughout member states, which lawmakers believe will collectively save companies €2.3 billion annually.
Assessing and improving your data storage and processing systems will also increase organisation and productivity, showing a commitment to personal data protection to legal clients who routinely trust law firms with the most sensitive information.
How to prepare for GDPR
UK law firms preparing for GDPR have just a month left to ensure all of their client data is effectively treated in line with the new regulations. There are several steps you can take to ensure that your company is ready for the introduction of GDPR, including:
- Training employees on data protection and ensuring everyone is aware of their responsibilities
- Collating lists of all EU citizen data stored within your system
- Ensuring all client data you have stored is accurate and up-to-date
- Updating consent given by clients with regard to the processing of their data
- Implementing a data protection governance framework
- Documenting data use processes
- Determining whether a data protection officer would be beneficial to your company
- Implementing formal policies and accountability controls
All companies ought to begin with an audit of all the data they hold and what they do with it. The next step is to consider what legal basis you have for processing the data. Data must be necessary for your operations and be used with clear client consent in order to be lawful.
It is also essential to develop an efficient procedure for dealing with client requests for access to their data, as the GDPR requires requests to be dealt with within a month in all but exceptional cases. Legal businesses should also have an infallible procedure in place for dealing with any data breach and the new requirement to notify the Information Commissioner’s Office of such a breach.
Many law firms will consider hiring a data protection officer ahead of GDPR, which is often a useful tactic. However, if you want to ensure that your IT systems management is conducted by individuals with many years of expertise in data protection, who know the GDPR rules inside-out and have all the necessary resources to deal with everything from information access requests and cloud computing to data storage, it is a wise idea to enlist the help of an IT support services consultancy.
To find out more about how we can help you prepare for GDPR, contact us today on 020 3355 7334.