The UK’s legal framework is expected to be greatly affected by the country’s official divorce from the EU. With an overhaul of regulations and new laws, those in the legal industry must keep up to date with all new rules to stay ahead of the game.
A major piece of official legislation set to be introduced in May 2018 is the General Data Protection Regulation (GDPR). Although an EU project, it’s highly likely that the British government will adopt it after Brexit, which makes it important for those operating in the legal sector to have a clear understanding of GDPR. To understand how it could impact professionals in the legal sector and what they can do to prepare for it, we’ve teamed up with TRUE Solicitors LLP — personal injury experts — to investigate.
Those in power within the EU have been preparing GDPR legislation for four years, although it only received the go-ahead in 2016. Essentially, GDPR covers the safe use of data, which is critical in an age of cyberthreats and digital security. This piece of legislation is intended to create a framework that will determine how data is used. When this piece of legislation was announced, it was said that it would only impact huge organisations like Google, Facebook and Twitter — but this is reportedly not the case.
How GDPR can affect the UK legal sector
It’s worth noting, especially if you work in law, that the Data Protection Act 1998 will be suspended with the implementation of GDPR. Law firms are controllers and processors of their clients’ data, which means that it is crucial for them to abide by up-to-date rules.
Legal companies deal with large amounts of sensitive and personal information regarding their clients. One outcome of instating GDPR will be that clients have an easier process than before if they want to claim compensation against firms that breach data protection rules. This means that law firms should reassess their security policies and update current security systems to ensure data breach risks are minimised.
Also, those that don’t comply with this new GDPR legislation can face significant penalties — an example of this would be a fine of 4% of a company’s turnover. Consequently, the introduction of GDPR could potentially make or break a firm, which is why professionals need to prepare for changes now.
Preparing for GDPR
Preparation is key to dealing successfully with the new data laws that GDPR will introduce. Remember, the UK will still be in the EU when this legislation is introduced and, even if it weren’t, the government is very likely to adopt GDPR after Brexit regardless.
The first step to preparing for GDPR is to assess your current data protection measures and study what is expected of your firm as part of new GDPR rules. That way, you can make sure that all your data is protected with no risk of any breach of GDPR. Reviewing your ongoing contracts and company policies to ensure that they are in line with the data protection framework is also part of this step.
What if you have a third party that monitors your data? If this is the case, organise a meeting and discuss what they can and can’t do to comply with GDPR. Also inform them that they must notify you immediately of any suspicious activity that could breach GDPR.
You could also use this time before May 2018 to update your staff data protection policies to meet new requirements. Some legal organisations already have a designated officer who handles data protection, but if your firm does not, you could consider whether this might be worthwhile in order to have closer and clearer oversight of the processes that protect the company and its clients.
Finally, training and knowledge are central to making the transition to GDPR as smooth as possible. Make sure that staff are aware of the risks and consequences of breaching this new legislation, and how they can help to prevent the mishandling of data. It might be useful to do this in one-to-one sessions where you can specify how data protection relates to the individual’s role within the business.