The General Data Protection Regulation, otherwise known as GDPR, has been a hot topic across European and world media — and is set to come into action on 25th May this year. Although Britain has decided to leave the EU, this is a piece of legislation that the British government will be adopting after Brexit.
Undoubtedly, GDPR will impact almost every sector that handles data — including those working in law — so how can they prepare? We’ve teamed up with accident at work claims experts, TRUE Solicitors LLP, to find out more.
What is this new piece of legislation?
Like most laws that finally come into action, GDPR has been in the pipeline for quite some time. Only getting the go-ahead in 2016, it sets to create a framework that will determine how data is currently used, as the amount of data we handle continues to grow with the advancements in technology. When this piece of legislation was announced, it was said that it would only impact huge organisations like Google, Facebook and Twitter — but this isn’t the case.
As those currently operating in law will be working under the Data Protection Act of 1998, GDPR will soon replace it — so it’s important to make sure you’re compliant. Law firms are controllers and processors of their clients’ data, meaning it is crucial for them to abide by the rules. If businesses do not comply with this new legislation, they can face significant penalties — an example of this would be a monetary penalty of 4% of turnover, something that all firms will wish to avoid.
With the power to make or break a law firm, this legislation will have a huge influence on how the legal sector operates. This is one of the main reasons why law firms need to prepare themselves for the changes now rather than later — for their own protection and the protection of their clients.
GDPR makes it simpler for people to claim compensation against firms that aren’t handling their data correctly. This means that law firms should reassess their security policies and update any security systems they have in place to ensure the risk of any data breach is minimised.
What to do before the deadline
There are a few methods businesses can take to ensure that they are compliant with this new legislation. This all starts with acknowledging the legislation — even though the UK plans to leave the European Union, this doesn’t mean that you should ignore the fact that we will still be in the EU when this legislation is introduced and that GDPR will likely be adopted by the British government after Brexit.
Law firms should conduct regular assessments to evaluate how data is currently used, transferred and protected to ensure that the methods are compliant with GDPR. If not, you could face those harsh penalties that could be detrimental to your firm.
Make sure that your current company policies are also in line with the data protection framework set out by the European Parliament. If you have a third-party that helps monitor your data, you need to make sure you outline what they can and can’t do with it. Also inform them that they must notify you immediately of any suspicion of data breaches. Update your staff data protection policies to meet new requirements, too. There are certain organisations that must have a designated Data Protection Officer under the legislation, however even if you do not require one under the regulations you should consider whether your firm should have one in any event in order to protect the company and its clients.
However, GDPR won’t come lightly and you must begin to train your employees on what it is and what responsibilities they have. Make sure that staff are aware of the risks, the consequences of breaches and how they can prevent any mishandling of data. It might be useful to do this in one-to-one sessions where you can directly specify how data protection relates to their role within the business.
