Solicitors and Legal Organisations Prepare for New GDPR 2018
Solicitors and Legal organisations need to prepare for the General Data Protection Regulation which comes into effect in May 2018.
Q. What exactly does GDPR mean to your solicitors or legal practice?
A. A staggering fine of up to 4 per cent of your worldwide turnover.
We have spoken to solicitors and legal companies we work with and they like many others are yet to take any action as May 2018 seems so far away. To ensure GDPR compliance you need to act now and start understanding the impact on your current processing of personal data and how the new regulations will impact this.
Some of the issues which will effect solicitors and legal organisations are the following:
Breach Notification – 72 hours to report any data breach
Right to Access – Data held on individuals should be able to obtain from the data controller confirmation as to whether or not personal data concerning them is held and what it is and what it is being used for.
Right to be Forgotten (Data Erasure) – the right to be forgotten entitles individuals to have the data controller erase his/her personal data.
Data Portability – Individuals will need to receive the personal data concerning them when requested.
We are considering the new GDPR with every new solicitors website we build. If we are collecting personal data from a a website we ensure the website has a SSL (digital certificate) to protect data with encryption. We ask 3 questions of the data we are collecting, What is the data being used for? Where is the data being stored? and do you still need the data after a specific time? this will help build processes to be compliant. If your website captures data from minors, you will need to have written permission from a parent to give their consent for their data to be used.
If your website does not have an SSL certificate we can help, its a small step but one of many you must start taking.