Our GDPR guide for law firms provides a step by step guide to understanding GDPR. The requirements under the GDPR are broadly similar to the Data Protection Act 1998 (DPA) but they give additional weight to the rights of the subjects of any data collection, most obviously, in terms of penalties.
You can find the official text of the General Data Protection Regulation at eur-lex.europa.eu.
GDPR guide for law firms
Data protection regulations from the perspective of a legal practice
- Law firms as data controllers
- Create a record of data processing
- Client confidentiality, legal privilege and limited exemptions
- Data retention
- Sharing data with third parties
- Data protection officers
- Security
- Reporting personal data breaches
- Requests for client personal data
- Appendix 1 - Consent
- Appendix 2 - Example of a data protection policy
- Appendix 3 - Background to the GDPR changes
Law Society blogs
We're publishing a series of blogs from experts, including members of our Privacy Law Committee, about the key issues and considerations you should take into account.
Laura Irvine, partner at Davidson Chalmers Stewart solicitors and author of our 'Guide to GDPR', discusses how change in the final wording of the Data Protection Act 2018 will help solicitors when dealing with third party subject access requests.
Fiona J Robb, Director of Professional Practice, talks about changes to the guidance on ownership and destruction of files in anticipation of the imminent arrival of GDPR.
Angus MacLeod, partner at Wright, Johnston & Mackenzie LLP, explains what you should put in a privacy notice and when you need to give one.
Tamasin Dorosti, recent secondee at our Brussels office, explains the new compliance obligations for 'controllers' and 'processors' under GDPR.
Deborah Dillon, EU Data Privacy and GDPR Executive Consultant at Atos, explains 'privacy by design' and 'privacy by default' and what this means for your organisation.
Tim Musson, Convener of the Law Society of Scotland’s Privacy Law Committee, gives us an update on the latest General Data Protection Regulation (GDPR) guidance.
Dr Kenneth Meechan, member of the Law Society of Scotland’s Privacy Law Committee, explains the new rules on data protection officers and sets out some important tasks which all law firms should consider.
Carolyn Thurston Smith, policy executive at the Law Society of Scotland, explains the legal bases in article 6 of the General Data Protection Regulation (GDPR).
Domhnall Dods, regulatory solicitor and GDPR expert at Towerhouse and member of the Law Society’s Privacy Law Committee, explains the changes to rules around consent in the General Data Protection Regulation (GDPR).
Anna Drozd, policy adviser on professional issues at our Brussels Office, explains what personal data breaches are and how to report them under the GDPR.
Tim Musson, Convener of the Law Society of Scotland’s Privacy Law Committee, explains why the General Data Protection Regulation (GDPR) is all-important for law firms.
GDPR and data protection training
Search upcoming training on data protection and the GDPR.
