eDiscovery Daily Blog

GDPR is Here! Is Your Law Firm Fully Prepared for It? Maybe Not: Data Privacy Trends

Unless you live under a rock, you know that the deadline for compliance with Europe’s General Data Protection Regulation (GDPR) has come and gone (it was May 25 – almost three weeks ago now).  So, does that mean your law firm is fully ready for it?  Based on the results of one survey, the odds are more than 50-50 that they’re not.

In Legaltech® News (Not Just Corporate: Law Firms Too Are Struggling With GDPR Compliance, written by Rhys Dipshan), the author covers a recent Wolters Kluwer survey which was conducted among 74 medium (26-100 staff members) to large (100-plus) law firms.  The result?  Less than half (47 percent) feel fully prepared to address the new GDPR requirements.  Another 16 percent of respondents said they were somewhat prepared and more than a third (37 percent) had made no specific preparations.

Barry Ader, vice president of product management and marketing at Wolters Kluwer, noted that part of the reason why many law firms were unprepared for GDPR was because they thought there would be an extension to the deadline. “Many of the law firms kind of half expected that there would be a delay, and they wouldn’t have had to solve the problem by May 25,” he said.  Ader also noted that the lack of preparation was also a sign that “law firms just don’t have the necessary skills, people, and budget to figure out how to handle GDPR.”

Other notable results:

  • Fewer than half of respondents (43 percent) had assigned a Data Protection Officer, a requirement of many organizations under GDPR. However, nearly 60 percent had assigned an individual, team or outside consultant to lead GDPR compliance efforts. And, approximately 72 percent of those surveyed were also investing in cybersecurity solutions due to the new regulation.
  • With regard to employee training on security, the survey found that only 43 percent of law firms conducted security and privacy training annually, while 24 percent had done training in the past three years. An additional 15 percent said that while they did not currently train employees, they were planning to do so in the near future. Amazingly, 17 percent of respondents did not conduct training and had no plans to train at all.

If you’re a client of a law firm, you may want to check to see if your firm can demonstrate full preparedness for GDPR.  If you believe this survey, chances are greater that they can’t do so than they can.

So, what do you think?  Is your organization fully prepared for GDPR?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.