The Legal Forum - GDPR for Law Firms

Darren Burns 25.01.2018

In an attempt to standardise the way organisations store and use personal data, GDPR is coming into force on 25th May 2018.

Let’s start with the basics: the General Data Protection Regulation is a piece of legislation passed nearly two years ago with a 25-month transition period built into it. It focuses on personal data transfer inside and outside of the European Union, with the aim of standardising the way that businesses can store and use this information.

Key GDPR clauses

The key clauses focus on the necessity of consent from an individual before an organisation can hold their data, how that information is stored and used, the appointment of a Data Protection Officer and their duties, and the requirement that new software or services be designed with privacy in mind.

This pertains to any organisation that deals with individuals based in the EU, regardless of where the business is headquartered; firms with a US parent will not be exempt.

Move towards GDPR compliance

The maximum fine for a data breach will also be extended from £500,000 to £20m, or 4% of global turnover – so the implications are certainly serious. On top of that, the reputational damage caused by a breach could prove irreversible. So where should you start and what should you do?

1. Learn the basics of GDPR – the ICO and the Law Society both provide further information.

2. Work out what data you hold:

i) What information on clients and customers do you store currently, where is it stored and how is it used in the business?

ii) What are your processes for maintaining confidentiality of this data?

3. Check that your data usage is compliant:

i) Establish the reason for holding data.

ii) Storage limitation – i.e. how long you hold data for and what happens to it once you reach that time limit.

4. Work out whether you need to hire a Data Protection Officer – we recently held an event in partnership with the IAPP on this topic; learn more here.

There’s plenty to think about and time is running out. The IAPP offers ‘GDPR READY’ courses that can help you progress towards compliance; find out more about them here.

If you would like to speak about hiring for GDPR compliance, don’t hesitate to contact our team.

Our next piece will focus on hiring patterns and market analysis.

Darren Burns, Operations Director
