Organisations across the board are likely to be affected by the new regulations. However, EU GDPR and law firms is rapidly becoming the headline news in the legal industry.
In my last post, “EU General Data Protection Regulations #1: What does it all mean?”, I gave a snapshot of the regulations and what they involve. Let’s now look at a few simple measures you can take in readiness for them.
In an ideal world, you’d never wish to be on the receiving end of breaches in data security. However, the worst sometimes does happen and it makes sense to prepared.
Make sure you have clear policies and well-rehearsed procedures in place. These will enable you to act quickly to any breach and notify the authorities within the required timescales.
This is all about establishing clear, effective policies and procedures. You can then use these both to remain within the regulations and prove to regulators that you meet the required standards.
It’s one thing to have the policies in place. To make them work effectively they should be backed up by constant monitoring. Review your data processing procedures regularly with the aim of reducing data processing and retention to only that which is required. Staff training is the key to this. To keep on top of your obligations, you can carry out regular privacy impact audits to review your procedures and correct any concerns that may arise.
It’s essential to take a look at what personal data processing you undertake. Relying upon consent from clients does not necessarily mean you can use data for other purposes without renewed consent. If you do rely on consent, review whether your documents and forms of consent are up to the job. At the end of the day, the burden of proof rests with you.
The EU GDPR requires that the information you provide to your clients about their data usage should be in clear and easily understandable language. All your policies should be transparent and readily accessible.
Your clients have the right to ask for a variety of things. They can ask for the right to erasure of data and, indeed, the right to data portability where appropriate. With this in mind, you should always consider what the legal grounds are for storing client data. Again, the burden of proof to show that legitimate grounds override client interests lies with you.
The new regulations cover organisations domiciled outside of the EU. If you are conducting cross-border work, you should ensure that you have a sound legal basis for transferring personal data to other jurisdictions. Obviously, this is not a new concern. However, it’s worth bearing in mind the penalties for getting it wrong. Failure to comply can leads to fines of up to 4% of annual turnover.
All good practice management systems contain elements designed to assist you to perform risk and compliance checks. The better ones, have a structured approach to task management built-in from the point of the creation of a new matter. For the more advanced PMS systems, it is straightforward to build your protocols into this or into a workflow within the software. It’s worth thinking about as a mechanism for automating your protocols.
For further information on how LawWare can assist you with this and your practice management, please follow this link.
For a full examination of the new regulations, DLA Piper has produced a detailed report which you can view here.
© LawWare Limited 2016-2017
Our clients range from small start-up legal practices to multi-partner, multi-site firms.
As the first commercial user of LawWare back in 1998, we have had no hesitation in remaining with the product through its development. We thoroughly recommend it to any firm looking for a practice management system.
The helpdesk is exceptionally good. Whatever the query there is always a human being there to help. No leaving messages or being advised to go to a website. The best computer service for solicitors I have ever used!
The linking of documents and casefiles saves so much time! I have experience of several accounts packages and I like that LawWare is simple to use and easy to learn. Support is quick and effective and staff are helpful and courteous.
I have worked with a number of Case Management providers over the years but have not come across anything with the attention to detail and thoroughness of LawWare. My colleagues and I have not been disappointed.
I can’t imagine trying to be a law firm in the 21st Century without 21st Century IT systems. Having a ‘single system’ that underpins all the work, whether we are in the office or out, is an integral part of what we are building.
The level of support is the main benefit using this system. The system itself once you have had training is simple and easy to use. We have a great relationship with LawWare and the ongoing support is second to none.
Significant preparation was required to configure and import the data from our old firm. We had to get all clients onto the new system and then learn how to use it. We just find it very easy to use, much easier than our old system.
It’s a big help that you can speak to the boss directly. The support team takes a lot of the technological stress away and, as LawWare continues to build relationships and integrations with other suppliers, it makes our life much easier.
Being a busy litigator with a growing firm it is incredibly useful to be able to view my files from any location with some form of internet connection. I am a fan, and want to keep working with LawWare to make a good product great.
The switch to the new LawCloud system, which is still on-going, has gone very well. We found the LawWare team without exception to be very helpful and knowledgeable. All queries are followed up and dealt with promptly.