The report questioned more than 150 legal sector IT decision makers in the UK and discovered that only 25% believe they are currently compliant with the GDPR.
The report also highlighted that 1 in 5 law firms questioned had experienced an attempted cyber attack in the past month, rising to 44% in the past year.
This is a surprising result, especially as law firms should understand the consequences of data breaches better than most organisations.
With just over six months left to comply, now is the time to get educated about the changes introduced by the Regulation and what your firm must do to comply.
Key changes introduced by the GDPR
The GDPR introduces a number of key changes that firms should be aware of:
- The appointment of a data protection officer will be mandatory for certain organisations.
- Rules around valid consent.
- Restrictions on international data transfers.
- Data processors will have direct legal obligations and responsibilities.
- The introduction of data protection impact assessments.
Brexit is not a way out of the GDPR
UK organisations handling personal data will still need to comply with the GDPR, regardless of Brexit.
In the report, Joanne Frears, consulting solicitor at Blandy & Blandy, warned that Brexit will not provide a solution for GDPR concerns: “Perhaps most firms think Brexit is a cure for GDPR, without realising that unless the UK has robust data protection compliance equivalent to GDPR, it will not be able to provide or accept any personal information from EU businesses or EU citizens and most of the UK service and technology industries would fold as a result!”
The GDPR will come into force before the UK leaves the EU, and the government has said that the Regulation will apply, a position that has been confirmed by the Information Commissioner.
Essential resources to understand and comply with the GDPR
Get all the essential resources to develop your understanding of the GDPR and your compliance obligations with our cost-effective EU GDPR Expertise Bundle, which includes:
- An essential pocket guide to get a clear understanding of the GDPR;
- A must-have guide that details what you need to do to comply with the GDPR; and
- An expert introduction to the use of Cloud services and your data protection obligations.