As we face a growing trend of hidden GDPR risks in 2020, we reflect on how businesses have changed the way they collect and manage their customers, clients and prospects sensitive data. We will also look at how we are identifying the gaps in data policy to bring law firms up to speed.
Why Firms Need Support
The specialist data security consultants at Net-Defence have been engaged by many law firms of all sizes across the UK to provide independent GDPR support over the past few years. Firms have needed our service for two reasons:
- To ensure both client and employee data is collected, stored and processed in line with GDPR requirements and Information Security ‘best practice’.
- To show the ICO that they have mitigated risk to the best of their ability should a data breach occur, by using an independent party to assess their adherence.
Many organisations embarked on a GDPR compliance readiness project but didn’t complete the process and several still don’t understand what is required of them. This year Google was hit with a £44 m fine for not adhering to the EU’s data protection rules.
High volumes of information are frequently added, moved, edited and deleted in a firm’s system. This puts them at high risk of data mismanagement or breach.
Gaps in Data Policy
Net-Defence has been helping firms to independently assess their own effort since the GDPR legislation came into force. Our specialists have analysed the oversights of these firms when it comes to their own GDPR implementation. We found:
- Board agendas no longer featuring GDPR
- Firms that think they don’t need a Data Protection Officer (DPO)
- Some firms believing that previous consultancy support means they are not liable for breach
- Law firms that have failed to delete their e-marketing database
- Firms needing to buy software that would make them GDPR compliant
You can read about our tips on what to do about these top 5 oversights here.
Compliance is Ongoing
Be mindful that GDPR compliance is not a one-time process; compliance is a vital component of business continuity for all organisations. Changes in your business create new risks.
You can request a GDPR Gap Analysis from Net-Defence if you are unsure about the GDPR compliance of your business.
For more advice to do with GDPR and cyber-security, sign up for Net-Defence news.