GDPR compliance self-audit—law firms

The following Practice Compliance guidance note provides comprehensive and up-to-date legal information covering:

  • GDPR compliance self-audit—law firms
  • Lawfulness, fairness and transparency
  • Individuals' rights
  • Accountability and governance
  • Data security, international transfers and breaches

Lawfulness, fairness and transparency

| ICO expectation | LexisNexis® guidance | LexisNexis® Precedents and tools |
| --- | --- | --- |
| ☐ Conduct information audit to map data flows | Data mapping | Sample data processing map; Data mapping — internal questionnaire |
| ☐ Document what personal data you hold, where it came from, who you share it with and what you do with it | The General Data Protection Regulation (GDPR) — Accountability | Data processing register |
| ☐ Identify and document your lawful bases for processing | GDPR compliance — lawful processing | Data processing register |
| ☐ Review how you ask for and record consent | GDPR compliance — standard of consent; GDPR compliance — obtaining, recording and managing consent | GDPR consent to process personal data — sample wording; GDPR compliance — preference centre supplier questionnaire |
| ☐ Implement systems to record and manage ongoing consent | GDPR compliance — obtaining, recording and managing consent | |