Will GDPR influence the way the legal sector operates?
Soon, the European Parliament will be enforcing the General Data Protection Regulation, otherwise known as GDPR, to help strengthen the way we handle data across the continent. Although Britain has decided to leave the EU, this is a piece of legislation that the British government will likely be adopting after Brexit. It’s important for those operating in the legal sector to have a clear understanding of what GDPR is, how it could impact them and what they can do to prepare for it.
What is GDPR?
In the pipeline for over four years, GDPR is set to become a reality on 25th May 2018. Only getting the go-ahead in 2016, it sets out to create a framework that will determine how data is used, as the amount of data we handle continues to grow with the advancements in technology. When this piece of legislation was announced, it was said that it would only impact huge organisations like Google, Facebook and Twitter, but this isn’t the case.
The legal sector will be knowledgeable on the Data Protection Act 1998 — but this is a piece of legislation that will need to be forgotten once GDPR is introduced. Law firms are controllers and processors of their clients’ data, meaning it is crucial for them to abide by the rules. If businesses do not comply with this new legislation, they can face significant penalties — an example of this would be a monetary penalty of 4% of turnover, something that all firms will wish to avoid.
There will be a definite impact on the legal sector once this new legislation is introduced, and the changes could make or break a firm. This is one of the main reasons why law firms need to prepare themselves for the changes now rather than later — for their own protection and the protection of their clients.
Understanding the impact is vital for law firms. Because such firms collect a considerable amount of data through each case they serve, GDPR makes it easier for the client to claim compensation if such data has been breached. This means that law firms should reassess their security policies and update any security systems they have in place to ensure the risk of any data breach is minimised.
What to do before 25th of May
With GDPR soon on its way, there are a few steps that law firms must take to prepare. This all starts with acknowledging the legislation — even though the UK plans to leave the European Union, this doesn’t mean that you should ignore the fact that we will still be in the EU when this legislation is introduced and that GDPR will likely be adopted by the British government after Brexit.
Common assessments should be carried out to revise the current data protection measures and ensure that they comply with GDPR legislation; if not, new ones must be made.
Look over your current business policies; from this you will be able to see if they are in line with the framework being introduced. If you have a third party that helps monitor your data, you need to make sure you outline what they can and can’t do with it. Also inform them that they must notify you immediately of any suspicion of data breaches. Update your staff data protection policies to meet new requirements, too. There are certain organisations that must have a designated Data Protection Officer under the legislation; however, even if you do not require one under the regulations, you should consider whether your firm should have one in any event in order to protect the company and its clients.
When GDPR is implemented, you need to ensure that your current staff are fully aware of it and even introduce some GDPR training. Make sure that staff are aware of the risks, the consequences of breaches and how they can prevent any mishandling of data. It might be useful to do this in one-to-one sessions where you can directly specify how data protection relates to their role within the business.
This article was brought to you by personal injury experts, TRUE Solicitors LLP.