The Law Society of England and Wales has published a comprehensive guide to the new General Data Protection Regulation (GDPR) for law firms, ahead of new data protection rules coming into force this month.
The GDPR has replaced the existing Data Protection Act (DPA) as of Friday 25 May 2018.
The key differences centre on how personal data is stored and used. For example, companies will now be forced to maintain records of ‘consent’ and consumers will be gifted the right to be ‘forgotten’.
All ‘personal’ data is protected by the GDPR. That includes online and offline identifiers, such as IP addresses and phone numbers. As a general rule of thumb, any information which fell within the scope of the DPA also falls within the scope of the GDPR.
The other key difference is in the penalties for law firms which fail to proactively protect consumer data.
Under the new regime, the Information Commissioner’s Office (ICO) can issue fines of up to four per cent of global turnover, or 20 million euros, whichever is higher.
The Law Society’s guidance in full can be accessed here.
At The Fish Partnership, we have a long history of assisting a wide range of legal clients with tax and business advice and support. If you would like to know more about our services, please contact us.