International law firms are preparing for GDPR, the EU General Data Protection Regulation.
GDPR intends to strengthen and unify protection for individuals within the EU through a harmonised set of regulations. This makes it easier for non-EU companies to comply. GDPR will give citizens back the control of their personal data, extending the scope of EU data protection to all foreign companies processing data of EU residents. It will also simplify the regulatory environment for international business.
Given the sensitive data international law firms hold on EU citizens, they must be prepared to implement GDPR to avoid fines as high as 20 million Euros or up to 4% of global turnover. According to a survey by information management experts Crown Records Management, 44% of law firms in the UK had already appointed a data protection officer.
Data protection impact assessments are necessary, as is receiving and recording consent from clients on how their personal data is to be used. GDPR also requires clear information and explanation of how data is collected and what the firm will do with it.
International law firms will need to notify the data subject if a breach is likely to negatively affect the protection of the personal data or privacy of a data subject. Implementation will include allowing individuals the right to have their data erased and forgotten, which may require an updated software system.
International law firms are urgently working to reduce the risks of breaches and ensure they follow GDPR by the 2018 deadline. In security and privacy, prioritisation of safeguards and targeting of limited budgets and resources is key to ensuring compliance with GDPR by the 2018 deadline.