GDPR: help is at hand
A new Society guide sets out the steps to compliance
Steps solicitors should take to comply with the General Data Protection Regulation are set out in a new guide published by the Law Society of Scotland.
Written by Laura Irvine, a partner at BTO, the Guide to GDPR has been produced specifically for law firms in advance of the European Union regulation, which introduces new rules about data protection and privacy from 25 May 2018.
Paul Mosson, the Society’s executive director of member services, explained that although the profession was generally well prepared for the introduction of GDPR, and ultimately the Information Commissioner’s Office (ICO) would be responsible for regulating GDPR and providing guidance, the new guide specifically for law firms would further help to promote compliance.
He commented: “All organisations that process personal data must comply with GDPR, but law firms face specific issues over privacy and how they handle data. It’s important that we can provide support for our members prior to the introduction of the GDPR later this month. Our guide considers the new regulation and the Data Protection Act from the perspective of a legal practice, looking at how GDPR will impact solicitors’ current processes and identifying the steps to take towards compliance.”
The guide features a data audit carried out with a high street firm to look at its data processing. Other firms can use the information gathered in the audit to evaluate their own data processes. Guide to GDPR also includes a template data protection policy, though firms will be responsible for determining how to comply on an individual basis.
Laura Irvine added: “While solicitors in Scotland will be familiar with the Law Society rules on client confidentiality, GDPR is also concerned with protecting personal data, but it brings in a new principle of accountability for all organisations. The profession should see this as an opportunity to consider how it deals with personal data in the 21st century and I hope that this guide will assist solicitors in Scotland to do this.”
The guide is sponsored by IT Governance. CEO and executive chairman Alan Calder said: “We are very pleased to be working in partnership with the Law Society of Scotland on this valuable GDPR project for its members. IT Governance is at the forefront of helping organisations around the world address the challenges of GDPR compliance. With many years’ experience in the legal sector, we are well placed to help firms get on track with their GDPR compliance projects, better understand their specific cybersecurity risks and help them through the challenges ahead.”
The ICO has encouraged the Society, as a professional body, to continue to provide updates to members once GDPR comes into force. The Society has written to all law firms in Scotland about the new guide, which is available here.