

Data Protection and GDPR

With the increased number of cyberattacks resulting in data theft, and as criminals become more sophisticated, there is an absolute need to ensure full compliance with GDPR and to protect clients’ data.
It may not always be possible to prevent a criminal from accessing your systems, but a firm must ensure that it has taken all reasonable measures to prevent a data breach or, where one occurs, to respond appropriately and in accordance with regulation.

The regulations do expect you to review your compliance with GDPR on a routine basis. As usual with such regulation, there is no clear guidance, but what we do know is that not performing an audit at all is a mistake, and firms should probably seek to perform a review every 2 years, or every year for larger firms. Failure to put in place appropriate measures to protect and control data exposes the firm to SRA investigations, Data commissioner investigations, negligence and damage. Law Firms must take compliance with the GDPR seriously and implement effective policies to control and communicate how data is protected.

The Strategic Partner works with firms to implement effective data protection processes as part of an overall compliance structure.

Law Firm Compliance

The Service

Due to the nature of how law firms operate, the management, control and protection of data is an essential element of a firm's compliance and regulation strategy. Law Firms manage and control a significant amount of personal data and must have appropriate data protection policies in place to adhere to the requirements of The Data Protection Act 1988 and The General Data Protection Regulation (EU) 2016/679 (GDPR).

A firm that fails to have the appropriate policies and procedures in place to manage, control and protect the data of its clients and staff will breach not only the legislative requirements but also the code of conduct, leaving it exposed to breaches of legislation and regulation.

Our Data Protection Services

The decision on whether to appoint a Data Protection Officer (DPO) is one which a firm should consider seriously, and the Law Society has issued a useful guidance note on this.

However, it remains best practice to appoint a DPO or at least a senior person in the business to manage and control data protection issues.

For a Law Firm to ensure it fully complies with the requirements of GDPR and The Data Protection Act, it should implement policies that include:

  • GDPR and Data Protection Policy

    that details how the firm protects, uses and manages data.

  • Data Protection Notices

    that are issued to clients confirming how the data is used, protected and processed.

  • Data Retention Policy

    that sets out the firm's approach to data retention.

  • Cyber Security Policy

    that sets out the firm's approach to the prevention of cyber crime.

  • Training

    for staff on the firm’s policies and procedures.

  • Other Documents

    A range of documents for use in relation to data management and breaches.

  • Social Media and Website Policy

    that sets out how the firm manages its website, social media and complies with the SRA transparency rules.

  • IT and Internet Policy

    that sets out how the firm manages staff use of the email system and internet connection.

  • Notifications and Registers

    A notification process and breach register.

  • GDPR Training

    GDPR training slides for all staff, setting out how to comply with the regulations.

Is your firm compliant?

Talk to us today

Our GDPR Audit Services

Our GDPR audit service adopts the following approach:

  • We will work to a questionnaire

    which will drive the information and data we need and act as a record of the review and actions taken.

  • Interviews

    We will interview:

    a. The data compliance manager and/or any Partner/Director who has data management as a responsibility, to obtain necessary information.
    b. A representative from the IT Department, to answer any technical questions.
    c. A selection of staff, about their approach to and understanding of GDPR and data protection and its application.

  • Document Review 

    All documentation that you have that relates to GDPR and data protection will be reviewed to ensure it is up to date and current.

  • Audit Sheet

    We will then provide you with the completed audit sheet with any recommendations clearly set out and an overview report.

  • Feedback

    A feedback session will be arranged for you to ask questions and seek clarification.

Get in touch

Contact our Compliance or Consultancy Team
