Legal practice and business I.T data protection
RES Info-Tech refers GDPR consultancy to its 'sister company' Thrive 2distinction Limited and assists law firms and businesses in meeting those legal obligations too. 'Thrive2Distinction' is a process consultancy company, with a specific qualification in Data Protection Compliancy.
GDPR applies to all controllers and processors of data, and all businesses MUST comply with it. Compliance came into effect on 25th May 2018. If you are a processor, the GDPR does place a specific legal obligation upon you. Therefore you will have a significantly higher legal liability for any data breach.
GDPR applies to the processing of Personal Data and Sensitive Personal Data.
All legal practices should be prepared now!
How will GDPR affect you and your legal practice?
The government are taking a no-nonsense approach to data protection, and this includes the Law Society. So why should any other business be any different? The 1998 Data Protection Act (DPA) has been omitting new technologies from its compliance laws. Now, with social media, online services, USB and external storage devices, phones and a vast exchange of personal data in most transactions, all businesses, including legal firms, must protect customers' and suppliers' data at all times. As a result, GDPR has been created.
The definition of personal data includes information as specific as an online identifier, such as an IP address, not just a date of birth. GDPR relates to HR records, contact details, customer and supplier lists and email addresses used in marketing campaigns. As businesses scan passports, driving licences and utility bills to prove identities, data must be stored securely and backed up.
Sensitive Personal Data:
GDPR relates to sensitive personal data. Examples include genetic data, and biometric data used to uniquely identify an individual. You may not think this matters to you, but how many of you open your smartphone with a thumbprint?
Be under no illusion, GDPR enforces compliance to protect the consumer, and the fines for data breaches are extremely high:
Up to 10 million Euros, or 2% of the worldwide annual revenue for the previous financial year, whichever is greater.
Up to 20 million Euros, or 4% of the worldwide annual revenue of the previous financial year, whichever is greater.
What to do?
It is wise to find out what your legal obligations are: