Much of this relates to the cultural set-up of a firm, which can be translated into the principles of good governance. All staff within your firm from Solicitors to Admin staff need to be both informed and involved if you are to avoid stumbling over one of the numerous tripwires contained in the Regulation.
Law firms are all going to need to think carefully about the resources needed to support the smooth and secure operation of GDPR. There are strict time limits involved in certain aspects of the GDPR portfolio, crucially in the issues of DSAR’s and Breach reporting. To ensure that there is continuing compliance they need to be documented, regular processes and systems reviews. One of the most significant of these is the importance of a culture of openness and transparency in dealing with breaches and Data Subject Access Requests (DSAR’s).