From 25 May 2018, while Brexit negotiations are still ongoing, the E.U. General Data Protection Regulation (GDPR) will apply to every organisation that processes E.U. residents’ personally identifiable information, with fines of up to 4 percent of annual worldwide turnover for noncompliance. Since law firms deal with plenty of personally identifiable information, they’ll need to ensure they’re following the GDPR by this date.
This requirement isn’t likely to go away after the U.K. leaves the E.U. either. To trade with E.U. member states after Brexit, GDPR standards are likely to be a prerequisite. Therefore, it is unlikely that the U.K. will transpose this regulation any less rigorously.
How can your firm ensure compliance without losing time to administrative—and non-billable—work? Here are a few tips:
1. Know the rules
Make sure you’re familiar with the rules outlined in the GDPR. This overview of the regulation from the Information Commissioner’s Office is a good place to start. You can also look for legal-industry-specific commentary on the regulation from larger firms like DLA Piper.
The Information Commissioner’s Office also has a “What’s new” page that is constantly updated with the latest guidance on the regulations from the Article 29 Working Party. Keep an eye on this page. There’s currently guidance on data portability, data protection officers, and lead supervisory authorities, but the working party is also expected to publish guidance on a number of other areas, including consent, transparency, and profiling.
2. Start early
May 2018 might still seem far away, but it’ll be here before you know it. If you don’t have measures in place to ensure transparency in how you use your clients’ personal data, you need to start planning now.
For example, can your clients access their personal data, and confirm that it is being processed? If not, start looking now at tools and processes that will allow your firm to do that. Which brings us to our final tip …
3. Use tools
Ensuring compliance with the GDPR might seem daunting, but luckily, your firm doesn’t need to go it alone. There are plenty of tools out there that will help your firm stay compliant without adding extra effort on your end.
For example, Amiqus ID is a fast, secure, and reliable tool that helps you to complete anti-money laundering, identity and ongoing compliance checks. Better yet, the company has recently launched an integration with Clio, the world’s leading cloud-based legal practice management provider. Clio’s integration with Amiqus ID provides you with a compliance dashboard that already addresses the key areas that firms need to consider in preparation for the implementation of GDPR, with more features to be added as guidance for implementation progresses.
Amiqus ID compliance features include:
- Explicit consent captured from both existing clients and prospective clients
- Data portability ensured through the ability to export all of your clients from Clio to Amiqus ID, or from Amiqus ID to Clio
- Subject access requests that can be repeated for clients who wish to review their data
- The right to erasure (right to be forgotten) can be implemented upon client request
In other words, using a tool like Amiqus ID means you can dramatically reduce the time it takes to run ongoing compliance checks online and be confident that those checks adhere to the latest E.U. regulatory standards. So stay ahead of the curve and keep your firm compliant.