Matt Torrens, Managing Director at Legal IT Specialist, SproutIT, reflects on some of the many key points covered at his recent LPMA Seminar on GDPR compliance.
What is the GDPR?
The General Data Protection Regulation (GDPR) comes into force in May 2018 and will replace the Data Protection Act 1998. It is broader in scope, strengthens rights of the individual, brings extra requirements to data Processors and Controllers and, of course, is backed by higher penalties.
GDPR is a legal requirement. A ‘regulation’ is a legal act of the European Union that becomes immediately enforceable as law in all member states simultaneously – it does not need to be transposed into National law.
Do we need it?
The primary objectives of the GDPR are to give control back to citizens and residents over their personal data and to simplify the regulatory environment by unifying regulation within the EU.
Chambers and all Legal firms are already subject to the Data Protection Act 1998, and a number of professional obligations surrounding data protection, however GDPR takes this compliance to a new level.
Will Brexit affect GDPR?
There has been some confusion about how Brexit will affect GDPR. The UK will remain a full member of the EU until the negotiations on withdrawal are completed. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
Next Steps
Organisations need to act NOW to identify what steps are necessary to ensure that they and their members are fully compliant by the implementation date. It is wise to run a Gap Analysis process, in order to understand your current position, against the Regulation, and determine the steps you must take in order to achieve compliance. You will need to blend People, Process and Technology to properly address your GDPR reponsibilties.
If you accept that brand awareness and reputation is key to the survival and growth of your practice, then you might also consider how to build reputational resilience in the form of a Cyber and GDPR strategy.
Find out more
Matt Torrens, MD of SproutIT has over a decade of practical data protection experience working with law firms, and is also EU GDPR Foundation & Practitioner certified.
For a copy of the SproutIT GDPR Cheat Sheet for the legal sector, email; AskTheExpert@sproutit.co.uk
LinkedIn: Sprout Technologies Ltd