The most significant developments in data protection legislation for more than 20 years are on the horizon in the shape of the General Data Protection Regulations (GDPR). These changes will affect all European organisations that handle personal data, including law firms.
Currently, in the UK, businesses operate under the Data Protection Act 1998 which was established at a time when social media hadn’t yet taken off, loyalty cards were new on the scene and we were all managing our personal data in a relatively manual way. Since then there has been a radical shift in the volume, variety and the speed at which data is being produced and shared.
Today organisations of all types and sizes find themselves in possession of more and more client information than ever before. Law firms in particular are inexorably data-heavy and much of the data they hold and process on behalf of clients tends to be of a very private and highly sensitive nature. With this comes greater responsibility and the need for accountability to keep our client data safe and the use of it ethical.
Regulation must keep pace and GDPR, which will come into force on 25 May 2018, is the European Union’s response to all of this. Of course because it is European legislation, Brexit complicates matters. The UK Government is having to re-consider the impact of the June referendum result on GDPR, but the consensus of opinion from those in the know suggests the UK will comply.
In April this year GDPR hit the headlines as newly ratified legislation and it soon became clear it would not only affect the big data players such as Google, Microsoft and Facebook, but all organisations around the world that hold or use ‘European personal data’.
The fundamental purpose of the new regulation is threefold:
1) a level playing field across Europe for organisations to adhere to
2) better security for European personal data
3) greater control for citizens over their personal data
For law firms in particular, GDPR promises significant ramifications given that the nature of the data they handle on behalf of their clients on a daily basis. Some of the changes law firms will have to consider are:
- the rights of individuals – their rights to be erased / forgotten etc.
- information/explanation on collection of data re what firms are going to do with it
- Data Protection Officers will have to be appointed by some organisations
- Data protection impact assessments will be necessary
- Receiving and recording consent from clients re how their personal data is to be used
GDPR is complex and pretty long-winded and details of how it will be implemented have changed during the consultation period. This article attempts to dispel some of the myths and confusion.
It’s certainly not just about IT. This new legislation represents an industry-wide business challenge in terms of how law firms process and control personal data. We have just over 18 months to prepare for these changes and firms that fail to get their data processing act together could face considerable fines in the region of 4% of annual turnover.
Select Legal Systems Limited, authors of the popular legal practice management suite of software, LAWFUSION continually watches developments in new and changing legislation that affects law firms so they can continue to provide quality software tools that help law firms to manage their cases, their data and their businesses. At the heart of LAWFUSION is a powerful central database that drives all its modules for a fully integrated system. It has a CRM (Client Relationship Management) Module and Team LAWFUSION will keep a close eye on GDPR with all of this in mind as it develops over the next 18 months.
For more information about LAWFUSION please call 01482 567601 during office hours or use our online enquiry form at any time of the day or night to contact us.