More than ever, businesses across the world are collecting, managing, utilizing, and storing huge amounts of consumer data to offer targeted, relevant content and a better customer experience. However, as demonstrated by recent data breaches, lack of corporate transparency, and the sale of third-party personal information, data is increasingly being used for unintended purposes. To give its citizens greater control over how their data is used, the EU has published a new European privacy law called the General Data Protection Regulation (GDPR). GDPR goes into effect on May 25, 2018, and the new rules won’t just affect EU-based businesses and citizens. U.S. businesses that process personal information from EU residents will have to comply with the regulation as well, or risk fines of up to $22 million.
*Disclaimer: This blog post is not legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information to help you better understand the GDPR. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy.
How Will This Regulation Impact Your Law Firm?
Law firms hold large amounts of highly personal and confidential information, and therefore have greater responsibility to keep their data safe and take accountability for how it is collected, stored, and used. To prepare for the new regulations, firms should appoint a data protection officer, obtain an ISO 27001 certification proving the firm meets adequate data privacy requirements, and/or look toward software solutions for their data protection. Though a secure, cloud-based practice management solution for a law firm can be costly, it will ensure the firm is compliant by detecting data breaches, monitoring data security, and meeting the highest security requirements for storing and processing confidential information. Working ahead to prepare for GDPR is an investment opportunity and a building block to improve the firm’s reputation, regardless of its size.
Meeting GDPR standards is not going to be a smooth transition for all firms, but it is a step toward a more secure and private world. Getting ahead of the curve is an opportunity for firms to let their clients know they are willing to work toward a more transparent relationship. It is only a matter of time before these regulations will be expected globally – forcing businesses to learn new and innovative ways to process and control personal data – so it is important for firms to approach the changes with a positive outlook.