GDPR has been in force across the European Union since May 2018. In our guide below, we've included lots of useful information and guidance about how you and your business can prepare for GDPR.
The requirements under the GDPR are broadly similar to the Data Protection Act 1998 (DPA), but they give additional weight to the rights of the subjects of any data collection, most obviously in terms of penalties.
If you are already operating good risk management, including being transparent about your data collection and storage and ensuring that your clients have given active consent to any processing operations not covered by one of the other grounds for lawful processing, then GDPR is not likely to be very onerous. But it is worth checking the Lockton website, which has useful guidance on GDPR and what it means for you. You should also check the ICO website and our website for updates, because the precise requirements are likely to evolve over the coming months.
There's also the European Commission’s Article 29 Working Party webpage and you can find the official text of the General Data Protection Regulation at eur-lex.europa.eu.

GDPR guide for law firms
Our guide looks at the regulation and the Data Protection Act from the perspective of a legal practice.
- Law firms as data controllers
- Create a record of data processing
- Client confidentiality, legal privilege and limited exemptions
- Data retention
- Sharing data with third parties
- Data protection officers
- Security
- Reporting personal data breaches
- Requests for client personal data
- Appendix 1 - Consent
- Appendix 2 - Example of a data protection policy
- Appendix 3 - Background to the GDPR changes
We're publishing a series of blogs from experts, including members of our Privacy Law Committee, about the key issues and considerations you should take into account.
