Kleos
How the GDPR will impact law firms and what
lawyers need to know
09.08.2017
As a lawyer looking to grow your firm, it’s vital that you understand the impact of
the new General Data Protection Regulation (GDPR) (Regulation (EU)
2016/679).
The GDPR will come into effect on May 25th, 2018, replacing the data
protection directive of 1995 (officially Directive 95/46/EC). GDPR aims to give
control back to citizens and residents over their personal data, and to simplify
the regulatory environment for international business by unifying the regulation
within the EU.
When it comes to confidential and highly personal data, law firms store a lot of
information. As such, they have a greater responsibility to keep data safe and
take accountability for how data is collected, stored and used. For law firms, it
will be important to understand how you collect, store and use personal data of
your clients and employees in order to ensure compliance.
How will the GDPR impact my law firm?
If your practice collects, stores or uses EU citizens’ personal data you are
subject to GDPR.
Fines for non-compliance can be up to 4% of annual worldwide turnover or
€20 million, whichever is greater.
GDPR defines parties as either “controllers” or “processors”. A data controller
determines how and why personal data is processed, while a processor is the party
that actually processes the data. For example, a controller could be any
law firm, while a processor could be an IT firm doing the actual data processing.
It is important to note that even if your firm is based outside the EU, the GDPR
will still apply so long as you deal with personal data belonging to EU citizens.
What lawyers need to know
Here are just a few of the new obligations that law firms will need to consider:
- The GDPR places greater emphasis on accountability. This means you
  must have an accurate record of the data you hold, demonstrate how it
  was collected, and whether the collection is “lawful”.
- Furthermore, you must be able to demonstrate that you are managing
  personal data in a manner compliant with the regulations. Firms must be
  able to supply, on request, the details of the data they hold and how it
  has been used.
- Consent under the GDPR must be a freely given, specific, informed and
  unambiguous indication of the individual’s wishes. Law firms will need to
  review how they collect and record consent.
- For processing of personal data to be lawful under the GDPR, you need to
  identify a lawful basis before you can process personal data. It is
  important that law firms determine their lawful basis for processing
  personal data and document this.
- The GDPR creates some new rights for individuals and strengthens some
  of the rights that currently exist under the DPA. Law firms will need to
  ensure they allow individuals to exercise a range of individual rights,
  including the right to be forgotten, right of data portability and right of
  access.
It’s safe to say that with the GDPR, data protection is no longer the
responsibility of IT. The protection of personal data must be considered and
embedded in your law firm’s processes, from Marketing to HR and Business
Development. In the coming weeks, we’ll be providing more information on
how law firms can prepare for GDPR.
Topics: Security
©Wolters Kluwer