Less than a year till the General Data Protection Regulation comes into force across Europe! Data protection even got a mention in the Queen’s Speech this week, with a commitment to implement GDPR prior to Brexit and to ensure the “ability to share data with other EU members states and internationally after we leave the EU”.
Law firms hold a large amount of data, especially sensitive personal data, so it’s important they are prepared for the new regime. Penalties for non-compliance are high, with fines potentially up to €20m or 4% of global turnover.
If you are looking for practical information to help your firm or company comply with the rules, why not attend CLT’s Data Protection: Get ready for the GDPR course? Presented by leading data protection expert and barrister Orlagh Kelly, this course will allow you to create your own plan to ensure GDPR compliance in your firm.
The right of an individual to request copies of their personal data in permanent form, as part of a subject access request, is expanded under the GDPR to include the right of erasure (‘the right to be forgotten’), and a right of rectification, which will place obvious administrative burdens on firms. The length of time in which firms will have to respond to subject access requests is reduced from 40 days to 30 days under the GDPR, and firms will no longer be entitled to charge the £10 fee for the subject access request. The GDPR includes breach notification provisions which apply to both controllers and processors. Firms will be under an obligation to report a breach of security that leads to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.