Why legal firms should be doing something about GDPR right now

22 Sep 2017
It's no surprise that legal firms are a prime target for cyber criminals because of the amount and type of data they hold. All legal firms should therefore be aware that they will have to fully comply with the GDPR by 25 May 2018 or face severe and rigorously imposed financial penalties.

The GDPR is the EU General Data Protection Regulation which will replace the Data Protection Act 1998 in the UK and the equivalent legislation across the EU Member States. Organisations will have to fully comply with the GDPR by 25 May 2018.

Legal firms are a prime target for cyber criminals because of the type of data they hold, including personal and sensitive information on individual clients, corporate clients and employees. In 2016 came the Panama Papers – an unprecedented leak of 11.5m files from the database of the world’s fourth biggest offshore law firm, Mossack Fonseca. In the UK, the Cyber Security Breaches Survey 2017 found that nearly half of all UK businesses had suffered a cyber breach or attack in the past 12 months. The survey also found that half of all firms said that the need to protect customer data was their top reason for investing in cyber security measures. Recent research by cloud data intelligence firm OnDmarc found that only one organisation out of the top 100 UK firms, Walker Morris, had sufficient measures in place to fully protect against email fraud. This news follows reports that UK law firms saw an unprecedented 45 cases of cyber theft in the first quarter of 2017.

The GDPR imposes a stringent compliance regime, with severe and rigorously enforced financial penalties of up to 4% of global gross revenue or €20,000,000 – whichever is greater – for non-compliance. So what are you doing about data protection and GDPR in your organisation?

The 4 main questions that you should be asking yourself to determine the impact of GDPR on your organisation are:

  1. What personal data do you hold?
  2. Where is it located?
  3. How are you using that data?
  4. Can you provide evidence that you have obtained explicit or implied permission to use that person’s data in the way that you are?

If you are unsure about the answers to any of these questions, you may want to seek help in preparing for GDPR.

Contact IBP Legal on 0800 612 3098 or by email to chat to one of our team. We will be happy to answer your questions and will put you in touch with a GDPR expert.

Working with the new Cyber Primed Standard will also help you to defend your firm against cyber attack and data security breaches. Find out more on the Cyber Primed website.
