Media reports have found that law firms, among other professional services firms, are risking penalties by failing to comply with some of the GDPR rules on privacy. That is a big gamble to take with the reputation and business continuity of a firm.
The specialist data security consultants at Net-Defence have been engaged by many of the nation's law firms, large and small, to provide independent GDPR support. It appears to be what the smart law firms are doing.
This is for two reasons:
- To ensure that both client and employee data is collected, stored and processed in line with GDPR requirements and information security best practice.
- To be able to evidence to the ICO, should a data breach occur, that they have mitigated risk to the best of their ability by having an independent party assess their adherence.
GDPR became a whirlwind for both businesses and consumers in May 2018 when the new legislation came into force. Most organisations embarked on some form of GDPR compliance readiness project at the time, but not so many have revisited it since. Our team of specialists has been engaged across a large number of law firms, helping them independently assess their own efforts since the legislation came into force.
Recent GDPR Gap Analysis findings by specialists at Net-Defence produce a 'top 5' of oversights:
- Board agendas no longer featuring GDPR
- Thinking that you don’t need a DPO
- Thinking previous consultancy support means you are not liable for breach
- Deleting the e-marketing database
- Buying software to make you GDPR compliant
Be mindful that no organisation is ever simply 'GDPR compliant'; this is a continuous compliance journey for every organisation. Change in your business creates new risk. GDPR requires ongoing processes, testing, training and reporting to ensure that your risk of a GDPR breach is minimised.
You can request a GDPR Gap Analysis if you are unsure.