As is the case with most other professions, lawyers too will need to gain a good understanding of the incoming General Data Protection Regulation (GDPR) regime to ensure both their own firm’s compliance and to advise clients on complex new obligations.
The issue is critical because lawyers are used to dealing with sensitive personal information, and confidentiality is a matter of professional conduct for them.
Across organisations, Security measures such as encryption and ‘pseudonymisation’ need to be considered. Policies will need updating to ensure that data subjects are given the required data processing information at the appropriate time.
The drafting of such information notices will present a challenge to lawyers as they try to set out all of the information in a clear and concise manner. A layered approach to the drafting of such notices is one that will be favoured by many.
Consistent with our policy when giving comment and advice on a non-specific basis, we cannot assume legal responsibility for the accuracy of any particular statement. In the case of specific problems we recommend that professional advice be sought.