General Data Protection Regulation
Anyone thinking they have had a soft landing since GDPR came into force last May needs to remain alert. Heightened awareness of consumer rights has resulted in more complaints to the Information Commissioner’s Office (ICO) and an increase in data subject requests. Requests are also increasingly being used as a tool in employment and partnership disputes, as a way of obtaining pre-action disclosure. Law firms can expect to see this impact on both their client work and their own business affairs.
Meanwhile, businesses have made significantly more breach reports to the ICO. What will the primary cause of law firm data breaches be? Hacking and ransomware attacks by foreign states? Possibly, but far more likely are the mundane causes closer to home – emails sent to the wrong person (the largest cause of legal sector breaches, according to ICO statistics), or