GDPR compliance planning (law firms)

The following Practice Compliance guidance note provides comprehensive and up to date legal information covering:

  • GDPR compliance planning (law firms)
  • Does the GDPR apply to your law firm?
  • What data is covered by the GDPR?
  • Information Commissioner’s Office (ICO) fees
  • Is your firm GDPR compliant?
  • Awareness
  • Data mapping
  • Data protection officer
  • Role of data processors
  • Consent

The EU General Data Protection Regulation (GDPR), in force from 25 May 2018, represents the first major overhaul of data protection law in 20 years, during which time technology and the use of personal data have changed beyond all recognition.

The challenge of complying with the GDPR should not be underestimated, nor should the consequences of failing to do so—the potential for fines of €20 million or 4% of annual global turnover.

If your firm was fully compliant with the pre-GDPR regime, most of your approach to compliance remains valid under the GDPR. However, there are new elements and significant enhancements within the GDPR, meaning you now have to do some things differently and some things that you were not required to do pre-GDPR.

Does the GDPR apply to your law firm?

The GDPR applies to all EU organisations that handle personal data. As it is virtually impossible to operate a business without handling personal data, it's probably safe to assume your firm is caught by the GDPR.

The GDPR also applies to organisations outside the EU that offer goods or services to individuals in the EU. This represents a territorial expansion of the pre-GDPR regime.

For more guidance, see Practice Note: The General Data Protection Regulation (GDPR)—Territorial scope.

What data is covered by the GDPR?

The GDPR applies to personal data and special categories of
