The General Data Protection Regulation (GDPR) will come into effect on 25 May, with a corresponding Data Protection Bill currently working its way through parliament. The GDPR has been described as an evolution rather than a revolution, but it does contain important changes to how firms process and retain data.
There is no ‘one size fits all’ approach for firms which will result in compliance. Every firm will have different requirements and needs to approach compliance by thinking about the personal data it processes and why.
To support firms to work towards compliance, we have produced a guide, Preparing for the GDPR: A guide for law firms. Based on the ICOs 12 steps to take now, each chapter explains the context of each element of the regulation, suggest points to consider in the law firm context and provides a checklist of items to work through.
Download Preparing for the GDPR: A guide for law firms
Our guide can be read in conjunction with our resources, guidance and support for law firms, which you can find on our specialist GDPR pages.
The ICO on the GDPR
The ICO has been clear that the GDPR and the new Data Protection Bill - soon to be Act - will not be a stick with which to beat firms and companies and the ICO will continue to take a pragmatic and proportionate approach to enforcement.
Only those firms and companies that wilfully, deliberately and repeatedly show disregard for the rules will face the maximum penalties.
The information commissioner has emphasised the importance of organisations actively pursuing compliance, recording their decision-making and being transparent and accountable in their data processing activities.
Compliance with the GDPR does not begin and end on 25 May. Further guidance will be coming from Europe and from the ICO and we will continue to provide members with updates.
The ICO has signalled its intention to continue its engagement with the Law Society. We encourage firms to share their particular pain points with us and we will raise any major issues affecting the profession directly.
We are always keen to understand how firms are working through preparing for the GDPR. Please share your thoughts, stories, issues and concerns with email@example.com.