Roundtable: Data minefield

As solicitors and their clients gear up for May’s implementation of the GDPR, the Gazette’s latest roundtable hears that many appear to have left their preparations to the 11th hour.

On 25 May, GDPR introduces new laws on holding and ‘processing’ data. It requires transparency in respect of an organisation’s possession and use of data, which must be for a ‘legitimate process’. And if a result can be achieved without processing the data, an alternative method should be deployed.

Once the regulation takes effect, the maximum amount the Information Commissioner’s Office (ICO) can fine for a breach will rise from the current £500,000 to £17m (€20m), or 4% of global turnover – whichever is higher.

Hunters partner Gregor Kleinknecht says that this degree of scrutiny is justified by the sensitivity of the data law firms hold: ‘A medium-sized firm like Hunters obviously doesn’t manage and process as much data as a Clifford Chance would do, but we’re still about 50% private client. So we’re holding a lot of what would be described as special personal data, which relates to potentially vulnerable clients. The risk there is higher than if we were purely a commercial firm dealing with commercial clients.’

Read the full article in The Law Society Gazette here.