How Your Law Firm Can Keep Up With Cyber Security & Data Protection
On 25 May 2018 the most significant change in data protection regulation in 20 years came into force. The EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (DPA) were designed to align privacy laws across Europe and to increase the protections and data privacy rights of individual citizens.
GDPR Recap – What was required?
- A greater emphasis was placed on accountability: every organisation must keep an accurate record of the personal data it holds and be able to demonstrate how it was collected and on which lawful basis it is processed.
- Consent is one of the six lawful bases for processing under GDPR, not the only one; a law firm will often rely on contract, legal obligation or legitimate interests instead. Where consent is relied upon it must meet the GDPR definition: “freely given, specific, informed and [an] unambiguous indication of the data subject’s wishes.” Explicit consent is required for special category data (for example health data) unless another Article 9 condition applies.
- Law firms should have reviewed how they collect and record consent. Consent must be verifiable, and the firm must be able to supply, on request, details of the data it holds about an individual and how that data has been used.
- Personal data may only be used for the purposes specified when it was collected (purpose limitation). Marketing material, for example, cannot be sent unless the firm has a lawful basis for that specific use; electronic direct marketing is additionally governed by the Privacy and Electronic Communications Regulations (PECR), which in most cases means prior consent.
- Individuals must be able to exercise a range of rights, including the right to erasure (the “right to be forgotten”), the right to data portability and the right of access.
- Individuals must be told clearly how to withdraw consent, must be able to do so at any time, and withdrawing consent must be as easy as giving it.
The Law Society provides further information and guidance for solicitors and law firms.
Understanding Regulations and Remaining Compliant
Law firms must practise better data management and put in place a fuller set of processes that protect personal data across every function that handles it, from marketing to HR and business development.
GDPR Compliance Audit Check
To ensure this, every law firm should audit what data it holds and for what purpose, bearing in mind that this covers information held on employees and not just client data.
Once the firm has established its obligations in respect of each category of data, and whether that data needs to be deleted, retained or disclosed, a data management plan can be put into action.
Cyber Security and Insurance
Cyber security plays a vital role in remaining compliant, so it is crucial that security is taken seriously. GDPR requires “appropriate technical and organisational measures” to protect personal data, and with greater data access rights law firms must know where information is kept and ensure that appropriate controls are in place to protect the data they hold.
Under GDPR, law firms have a duty to notify the regulator (in the UK, the ICO) of a personal data breach within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals’ “rights and freedoms”, and to notify the affected individuals without undue delay where the breach is likely to result in a high risk to them. GDPR therefore requires organisations to have robust breach detection and investigation procedures in place. Whilst a PI policy will provide cover against third party claims, including loss of client money, loss of client data or defamation, a separate cyber security policy would provide protection above and beyond that offered by PI insurance.
How To Keep Up - Regulation and Compliance Assistance
Through both our direct services and through our Partner firms, we can deliver a whole range of regulation, compliance, risk management support and business services to assist you.
Working with you, we will provide your law firm with regulatory compliance advice and help you implement a detailed regulation and compliance programme, ensuring that your firm and your staff are fully aware of the obligations and rules a law firm is required to follow.
We also offer an ongoing maintenance programme involving audits and onsite training to ensure that your firm is kept up to date and always remains compliant. Click here to find out more about our regulation and risk management services.
Are you looking to renew your Professional Indemnity Insurance?
Are you interested in finding out more about a Cyber Security Policy?
Let The Strategic Partner help you find the right insurer and price for your firm. Renewing your Professional Indemnity Insurance can be a burden but is essential. Leaving it to the last minute could result in your firm paying higher premiums because you and the insurer have not had enough time to discuss your firm and its risk profile. You and the insurer need time to understand and discuss your firm.
To obtain a no obligation quotation you can email us your current proposal form or last year’s proposal form. We will then obtain indicative terms for you. It is as simple as that.