• The EU General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA) came into force in the UK on 25 May 2018.

    They bring the most significant change in data protection regulation in 20 years. The regulation is designed to align privacy laws across Europe and increase protections and data privacy rights for individual citizens.

    Law firms generally face the same issues as other organisations in seeking to comply with the GDPR and, through our ongoing discussions with firms, we’re identifying specific issues of concern around compliance.

    This page brings together guidance and support to help you and your firm understand the regulation.

    Read our summary guide – GDPR for solicitors

    Read our detailed guidance – GDPR and DPA guidance for solicitors in law firms

    Download our guide – The General Data Protection Regulation: A guide for solicitors (PDF 435 KB)

  • 1 2 3 4 Next

    Coronavirus (COVID-19) and data protection

    As organisations expand and embed their remote working capabilities, the overall surface area of risk widens.

    1 April 2020

    Data protection in a no-deal Brexit: What you need to know

    If the UK leaves the EU without a withdrawal agreement, the UK becomes a 'third country' under the GDPR.

    4 November 2019

    Data protection and no-deal Brexit

    This guide considers the steps you should take to comply with UK data protection laws and GDPR.

    3 October 2019

    GDPR and DPA guidance for solicitors in law firms

    Guidance for solicitors on the data protection regime in the UK.

    26 September 2019

    Contract as lawful basis

    Contract is one of the lawful bases for using personal data. We recommend you use contract or legitimate interests as the lawful basis, rather than consent.

    7 August 2019

    LPP and client confidentiality

    LPP and client confidentiality override a data subject's right of access and right to be informed under the GDPR and data protection act.

    7 August 2019

    Appoint a data protection officer (DPO)

    You do not always have to appoint a data protection officer (DPO). In most cases, as a law practice, you will not have to. But you'll need to make someone responsible for data protection.

    5 August 2019


    You can only use personal data if you do so "lawfully" under GDPR. One way to do this is by getting the person's consent.

    5 August 2019

    Legitimate interests

    Legitimate interests is one of the lawful bases for using personal data. We recommend you rely on legitimate interests or contract as the lawful basis, rather than consent.

    5 August 2019

    GDPR for solicitors

    All solicitors hold personal data. This guide helps you know what you need to do to comply with GDPR.

    1 August 2019
    1 2 3 4 Next
  • Podcasts

    The GDPR and employment lawyers

    Nick Denys, policy advisor at the Law Society, explores some of the challenges organisations face to remain GDPR compliant.

    The GDPR and children’s rights

    Sarah Richardson, who supports the Law Society’s children law sub-committee, discusses how the EU GDPR affects the data protection rights of children.

    The GDPR guide for law firms

    Andrew McWhir, policy advisor at the Law Society, discusses the Law Society’s GDPR guide for law firms.

  • Contact us

    Please contact us if you or your firm have a specific issue you would like to raise.

  • Filter by date

    Select dates: