The European General Data Protection Regulation will come into force on 25 May 2018, replacing the data protection directive of 1995 (Directive 95/46/EC). This makes GDPR compliance a hot topic for law firms small and large for reasons we will touch on in this post.
Under the new GDPR, data controllers will have to go to considerably more effort in order to comply with the amended data protection requirements. It is no longer just about adhering to best practices for processing private data and preventing data breaches. Legal regulations on individual rights, the requirement to keep records of data processing procedures and the need to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk represent entirely new challenges for law firms.
GDPR compliance implications for data controllers
Non-compliant controllers may be subject to penalties of up to €20 million or 4% of their global revenue, but that’s not all. Depending on local data protection directives, you may also face data security penalties and/or personal liability in your jurisdiction. In Germany, the Federal Data Protection Act provides for fines in case of administrative offences, or even imprisonment in case of criminal offences. In France, the Criminal Code lists a number of offences for non-compliance with or violation of data protection legislation, which may lead to a five-year prison term and a €300,000 fine for individuals (the fine is five times higher for legal entities).
Law firms hold a large amount of sensitive data on behalf of individuals and companies, making them a potentially lucrative target for cyber criminals looking to exploit data or hold it to ransom. The fact that law firms are a prime target for cyber attacks makes GDPR compliance even more important. Law firms not only need to make sure that they themselves are compliant to avoid the risk of penalties, but they must also work extra hard to prevent a breach, since under GDPR breaches must be disclosed – a revelation that could be catastrophic to a firm’s reputation.
The key is to have processes in place that ensure compliance both now and in the future. After all, your dedication and commitment to GDPR compliance will determine the longevity of your law firm. While conducting compliance audits is good practice, it is important to be fully prepared to manage compliance risks proactively rather than reactively.
To help your law firm prepare for GDPR compliance, get your copy of our latest whitepaper, in which we dive into the five key things to understand about your new obligations, their practical implications, and how to keep client data protected:
- The legal basis on which you use personal data
- The rights of your clients
- Your firm’s accountability
- Your obligations in the event of a data breach
- How legal technology can help
GDPR compliance is too important to leave to the last minute – start 2018 on the right foot! Download your free copy here.