Law Society publishes GDPR guide for law firms

A new guide about the General Data Protection Regulation (GDPR) and data protection for law firms, has been published by the Law Society of Scotland.

The Law Society’s Guide to GDPR shows the steps solicitors should take to help comply with the new European Union regulation.

The GDPR, which introduces new rules about data protection and privacy, comes into force on 25 May.

The Law Society’s Executive Director of Member Services, Paul Mosson, explained that although the profession was generally well prepared for the introduction of GDPR, and ultimately the Information Commissioner’s Office would be responsible for regulating GDPR and providing guidance, the new guide specifically for law firms would further help to promote compliance.

He said: “All organisations that process personal data must comply with GDPR but law firms face specific issues over privacy and how they handle data.

“It’s important that we can provide support for our members prior to the introduction of the GDPR later this month. Our guide considers the new regulation and the Data Protection Act from the perspective of a legal practice, looking at how GDPR will impact solicitors’ current processes and identifying the steps to take towards compliance.”

The guide’s author Laura Irvine, a partner at BTO, said: “While solicitors in Scotland will be familiar with the Law Society rules on client confidentiality, GDPR is also concerned with protecting personal data, but it brings in a new principle of accountability for all organisations. The profession should see this as an opportunity to consider how it deals with personal data in the 21st century and I hope that this guide will assist solicitors in Scotland to do this.”

The new guide has been sponsored by leading global provider of IT governance, risk management and compliance solutions, IT Governance.

Alan Calder, CEO and executive chairman, said: “We are very pleased to be working in partnership with the Law Society of Scotland on this valuable GDPR project for its members. IT Governance is at the forefront of helping organisations around the world address the challenges of GDPR compliance. With many years’ experience in the legal sector, we are well-placed to help firms get on track with their GDPR compliance projects, better understand their specific cyber security risks and help them through the challenges ahead.”

The Law Society has written to all law firms in Scotland about the guide, which will be updated with further information and advice once GDPR comes in to force.