You are here:
  1. Home
  2. News
  3. Blog
  4. New frontiers in lawtech innovation and data protection

New frontiers in lawtech innovation and data protection

03 September 2019
"However fast regulation moves, technology moves faster."

- Elizabeth Denham, Information Commissioner


Andrew McWhir is the Law Society policy adviser for competition law, and GDPR & EU. He discusses the known paradox that the opportunities for digital innovation rely on people trusting organisations with their personal data, and the GDPR mechanisms that support this for lawtech.

Trust us?

Many people, including Elizabeth Denham the Information Commissioner, have pointed out that digital innovation relies on people handing over their personal data to companies. Properly respected and enforced data protection laws increase trust but, in the short term, enforcement action reveals unlawful and unethical processing that undermines public confidence. These include the prospect of some spectacular GDPR penalties for data breaches – the ICO has stated its intention to fine Marriott International over £99m and British Airways over £183m.

The GDPR recognises that technology is transforming the economy and social life. It also recognises the importance of creating the trust that will allow the digital economy to develop. This is, of course, an objective of the regulation as a whole. But within the regulation there are mechanisms for promoting innovation within a framework of trust. They are highly relevant to lawtech innovators.

The data protection impact assessment (DPIA)

The first mechanism is the data protection impact assessment or DPIA. DPIAs are a structured process for evaluating innovative, high risk initiatives for processing personal data. They involve systematic descriptions of the proposed innovation, assessment of the proportionality and risks involved, and identification of measures to mitigate those risks. Where high risk remains, data protection authorities provide written advice on how to proceed.

Data protection by design and by default

The second mechanism is less specific. It is the concept of data protection by design and by default. The core idea is that appropriate technical and organisational measures that reflect data protection principles should be baked-in to systems and not, as so often happens, added as an afterthought.

Adding 'noise'

For example, if you are collecting personal data for statistical purposes you may be able to add 'noise' to that data in a way that retains its statistical value but which minimises the extent to which it can be traced back to a particular individual. An example of poor practice would be to include mandatory data fields (such as data about age, income or political views) in an online query form requesting a report or a quote.

Most data protection experts are familiar with the sinking feeling that comes from having to say 'caution' or even 'no' to an initiative that they have been asked to advise on only when it's almost ready to launch. More often than not, the initiative could have been designed differently and in a way that would have been fully compliant if only they had been involved sooner!  

Robert Bond, one of the UK's leading data protection by design practitioners and a partner at Bristows LLP will be leading a  data protection by design  session at the Law Society's half-day New Frontiers in data protection, ePrivacy and workplace surveillance conference on Thursday 26 September 2019. Workshops include lawtech and GDPR, social media in law firms: the danger spots, and workplace surveillance: know your limits; helping you tackle the challenge of how law firms can combine the challenges of lawtech innovation and data protection compliance.

The Law Society supports lawtech innovation.


Join our  half-day conference Thursday 26 September 13:00 - 17:20  New Frontiers in data protection, ePrivacy and workplace surveillance at 113 Chancery Lane, £175 + VAT,  Practising certificate holder working for a NFP £125 +.  Expert speakers will be exploring crucial data protection and privacy issues. We will  be announcing some new GDPR guidance for solicitors in law firms at the conference

Listen to our Tech Talks podcasts designed to make lawtech easier to understand

Tags: knowledge management

About the author

Andrew McWhir is a Law Society policy adviser for competition law, GDPR, and the EU.

After almost 20 years in the Civil Service, Andrew came to the Law Society in 2017 to work on the implications of Brexit for the profession, access to justice, and as competition policy lead. He is now focussed on GDPR and other aspects of data protection law, and on learning from and applying the lessons of GDPR enforcement to improve the quality of advice and guidance to the profession.

  • Share this page:

Abigail Bright | Adam Johnson | Adele Edwin-Lamerton | Ahmed Aydeed | Alex Barr | Alex Heshmaty | Alexa Lemzy | Alexandra Cardenas | Amanda Adeola | Amanda Carpenter | Amanda Jardine Viner | Amy Bell | Amy Heading | an anonymous sole practitioner | Andrew Kidd | Andrew McWhir | Andy Harris | Anna Drozd | Annaliese Fiehn | Anne Morris | Anne Waldron | anonymous female solicitor | Asif Afridi and Roseanne Russell | Bansi Desai | Barbara Whitehorne | Barry Wilkinson | Becky Baker | Ben Hollom | Bhavisha Mistry | Bob Nightingale | Bridget Garrood | Caroline Marlow | Caroline Roddis | Caroline Sorbier | Carolyn Pepper | Catherine Dixon | Chris Claxton-Shirley | Christina Blacklaws | Ciaran Fenton | Coral Hill | CV Library | Daniel Matchett | Daphne Perry | David Gilroy | David Yeoward | Douglas McPherson | Duncan Wood | Elijah Granet | Elizabeth Rimmer | Eloise Skinner | Emily Miller | Emily Powell | Emma Maule | Floyd Porter | Gary Richards | Gary Rycroft | Graham Murphy | Greg Treverton-Jones | Gustavo Bussmann | Hayley Stewart | Hilda-Georgina Kwafo-Akoto | Ignasi Guardans | James Castro Edwards | Jane Cassell | Jayne Willetts | Jeremy Miles | Jerry Garvey | Jessie Barwick | Joe Egan | Jonathan Andrews | Jonathan Fisher | Jonathan Smithers | Jonathon Bray | Julian Hall | Julie Ashdown | Julie Nicholds | June Venters | Justin Rourke | Karen Jackson | Kate Adam | Katherine Cousins | Kaweh Beheshtizadeh | Kayleigh Leonie | Keiley Ann Broadhead | Kerrie Fuller | Kevin Hood | Kevin Poulter | Larry Cattle | Laura Bee | Laura Devine | Laura Uberoi | Law Gazette Jobs | Leah Glover and Julie Ashdown | Leanne Yendell | Lee Moore | LHS Solicitors | Linden Thomas | Lucy Parker | Maria Shahid | Marjorie Creek | Mark Carver | Mark Leiser | Markus Coleman | Martin Barnes | Mary Doyle | Matt O'Brien | Matt Oliver | Matthew Still | Max Rossiter | Melissa Hardee | Michael Henson-Webb | Neil Ford | Nick Denys | Nick O'Neill | Nick Podd | Nigel West | Nikki Alderson | Oz Alashe | Paris Theodorou | Patrick Wolfe | Paul Rogerson | Pearl Moses | Penny Owston | Peter Wright | Philippa Southwell | Preetha Gopalan | Prof Sylvie Delacroix | Rachel Brushfield | Rafie Faruq | Ranjit Uppal | Ravi Naik | Rebecca Atkinson | Remy Mohamed | Richard Collier | Richard Coulthard | Richard Heinrich | Richard Mabey | Richard Messingham | Richard Miller | Richard Roberts | Rita Gupta | Rob Cope | Robert Bourns | Robert Forman | Robin Charrot | Rosa Coleman | Rosy Rourke | Sachin Nair | Saida Bello | Sally Azarmi | Sally Woolston | Sam De Silva | Sara Chandler | Sarah Austin | Sarah Crowe | Sarah Henchoz | Sarah Smith | Shereen Semnani | Shirin Marker | Siddique Patel | Simon Day | Sofia Olhede | Sonia Aman | Sophia Adams Bhatti | Sophie O'Neill-Hanson | Steve Deutsch | Steve Thompson | Stuart Poole-Robb | Sue James | Susa | Susan Kench | Suzanne Gallagher | The Law Society Digital and Brand team | Tom Chapman | Tom Ellen | Tony Roe | Tracey Calvert | Umar Kankiya | Vanessa Friend | Vicki Butler | Vidisha Joshi | William Li | William McSweeney

Monthly archives

February 2020 | January 2020 | 2019 | 2018 | 2017 | 2016 | 2015