GDPR for law firms: 1 year on are you handling the challenge?

GDPR for law firmsGDPR for law firms caused a great deal of consternation before its introduction. How has it all worked out as we look back one year after the event?

Whilst doing a little research into the subject, I came across an article by Matthew Cole.

Mathew, a partner at law firm Prettys, shared his top tips for ensuring individuals and businesses keep their compliance regulations on track. What follows is good advice for law firms and other businesses alike. Here is what he had to say.


It was the new data regulation which had every company in the UK talking about when it was first introduced just over a year ago.

The European Union’s General Data Protection Regulation (GDPR) saw a major overhaul of how businesses, regardless of size, handle personal data.

Firms must evaluate how they collect, store and process personal data to protect a person’s privacy – and 12 months on, many are still finding the regulation a challenge.

Re-evaluate your current GDPR plan.

When businesses first started putting together their GDPR procedures and policies, it was all a bit of a rush. Most people wouldn’t have been fully compliant even after putting these procedures in place, as there was so much to do.

Therefore, it is worthwhile to see what you have achieved and what still needs work. GDPR compliance is very much a continuous process, and now is a good time to look at how you can adapt it for future innovations.

Give all staff basic training.

GDPR can be difficult to understand and organisations need to be proactive in training their staff to ensure they are up to speed with all the necessary information. When new staff members are joining a company, they should be given basic data management training, and everyone should have some understanding of how their organisation uses data.

Know your data!

Organisations should understand what data they process, what they do with it and who they share it with. To do this they can conduct an audit. The hallmark of any audit is to understand what kind of personal data you’re using, where it comes from and where it goes. If you get these things right, you can’t go too far wrong.

Rather than looking at the procedures once a year to review the policies, there should be someone on hand whose responsibility it is to constantly look at ways to improve the way the business handles data and futureproof their GDPR compliance policies.

Sort out your IT systems.

Companies should also make sure their IT systems are up-to-date and as secure as possible. They can use Cyber Essentials, a Government scheme that helps protect companies from all kinds of cyber-attacks.

Have clear policies in place to prevent security breaches.

A breach in security is arguably the worst thing that can happen when it comes to data. In order to prevent this from happening it is important employees have an awareness of the policies within the company.

In the rare case that a former employee attempts to steal data, you need to be prepared. To prevent this from happening, there needs to be clear guidelines in place, including clearly stating that all data is owned by the company.

Staff should also be prohibited from storing data on personal devices and sending it to personal email accounts.

You can get software which monitors if staff have sent data to themselves. The most important thing is just to be vigilant and carry out regular checks. Do simple things like regularly change passwords, keep web systems up-to-date and make sure privacy policies are accessible and accurate. An organisation’s data consent needs to be explicit and not include pre-ticked boxes like many e-commerce companies still do.

Make sure you don’t become data confused.

There can be confusion surrounding what data actually is. Often people think it isn’t data if it doesn’t contain a name or address. But data is actually anything that can help you identify an individual, so it is very wide-ranging.


Matthew certainly gives us all a great deal to think about. However, his message is clear. With a structured, well organised plan, good IT systems and staff training, compliance is achievable.

Find out more about GDPR by following this link.

June 2019.

© LawWare Limited 1995-2021


Join over 475 law firms across the United Kingdom.

Our clients range from small start-up legal practices to multi-partner, multi-site firms.

Another great customer service experience from LawWare. My laptop had to be stripped back to factory settings as part of a repair - taking hours! In contrast, restoring LawWare took one phone call to the support team and I was up and running in 6 minutes. If only everything was so easy!

VI pensions Law Ltd.
Vanessa Ingram

As the first commercial user of LawWare back in 1998, we have had no hesitation in remaining with the product through its development. We thoroughly recommend it to any firm looking for a practice management system.

Alastair Hart & Co.
Alastair Hart

The helpdesk is exceptionally good. Whatever the query there is always a human being there to help. No leaving messages or being advised to go to a website. The best computer service for solicitors I have ever used!

South Forrest
Irene Yule

The linking of documents and casefiles saves so much time! I have experience of several accounts packages and I like that LawWare is simple to use and easy to learn. Support is quick and effective and staff are helpful and courteous.

Sprang Terras
Fiona Allison

I have worked with a number of Case Management providers over the years but have not come across anything with the attention to detail and thoroughness of LawWare. My colleagues and I have not been disappointed.

Brymer legal Ltd.
Professor Stewart Brymer

I can’t imagine trying to be a law firm in the 21st Century without 21st Century IT systems. Having a ‘single system’ that underpins all the work, whether we are in the office or out, is an integral part of what we are building.

Sneddon Morrison
Eric Lumsden

The level of support is the main benefit using this system.  The system itself once you have had training is simple and easy to use. We have a great relationship with LawWare and the ongoing support is second to none.   

Linda George Family Law
Sharon Rodger

Significant preparation was required to configure and import the data from our old firm. We had to get all clients onto the new system and then learn how to use it. We just find it very easy to use, much easier than our old system.

Scanlon Ewing
Maureen Ewing

Being a busy litigator with a growing firm it is incredibly useful to be able to view my files from any location with some form of internet connection. I am a fan, and want to keep working with LawWare to make a good product great.

Helix Law Limited
Jonathan Waters

The switch to the new LawCloud system, which is still on-going, has gone very well. We found the LawWare team without exception to be very helpful and knowledgeable. All queries are followed up and dealt with promptly.

Cullen Kilshaw
Ross Kilshaw

interested in

Explore LawWare

Connect With Us