Data Protection & the GDPR - What Law Firms Need to Know
The GDPR came into force on 25 May 2018 and this course is aimed at those who require an intensive introduction to the complex new regime of data protection. It is specifically designed for delegates working in private practice law firms.
What You Will Learn
This course will cover the following:
- The role of the Information Commissioner and important guidance and codes
- Where might the ICO’s priorities and attention be focused during 2018/19?
- The influential role of the new European Data Protection Board (‘EDPB’). Why it will be important to take its opinions, statements and guidance into account
- The GDPR as applied by the DPA 2018 to the UK
- Vital matters to deal with before using the services of external cloud service providers, document shredders and other third party ‘Processor’ companies
- The requirement to have a compliant contract with a Processor
- Might a solicitor’s firm ever be classified as a ‘Processor’ rather than a ‘Controller’?
- What about other professionals instructed by a solicitor?
- When might a solicitor’s firm need a Data Protection Officer (‘DPO’)?
- How a law firm can comply with the new regime, especially from the point of view of:
- Deciding the purpose or purposes and the basis or bases for processing of personal information within the context of a legal practice
- Why consent is unlikely to be the most appropriate basis for many professional purposes
- Privacy notices and policies and how they should be set out and the particularly troubling issue of secure communications with clients, witnesses, ‘the other side’ and even the courts
- When might the use of unencrypted e-mails be appropriate?
- The vexed issue of retention periods in the context of a law firm. A suggested, albeit restricted, means for a practice to retain a file for an extended period
- The potentially serious limitations on transferring personal information out of the EEA or to an international organisation
- Advertising, marketing and publicity by a professional firm - the factors to take into account
- The penalties and even criminal liability for ‘getting it wrong’
- When and how rapidly must the ICO be informed about a potential or actual data breach?
- The importance of having a data breach policy and reporting mechanism in place
9:30am - 5:15pm
Please let us know if you wish to be notified when new dates are added for this programme