What does GDPR mean for law firms?

18 December 2017

In our latest bulletin we look at the implications of the General Data Protection Regulation (GDPR) for law firms. Time is running out. After years of talk, implementation of GDPR is only months away, with a deadline of 25 May 2018.

We are very grateful to Neil Trayhurn and Chris Stanton at Keoghs LLP for providing us with their thoughts and guidance on this important topic.

All organisations have an obligation to ensure compliance with the GDPR. It is essential therefore that all law firms spend time working through what they need to do. We would urge all those responsible to ensure that they have done everything they can to formalise their firm’s strategy of compliance.

Everyone by now knows about the penalties under GDPR: up to the greater of €20 million or 4% of worldwide turnover – making them almost limitless.

Few expect that to be a common occurrence, but if there are examples to be made, it’s likely to be big businesses that are hit hardest.


The GDPR will come into force on 25 May 2018. It has wide-ranging effects for organisations across all sectors, including law firms. It is expected to remain relevant following Brexit, with the Data Protection Bill taking over the data protection mantle for the UK.

GDPR touches on a number of internal and external activities and functions that law firms engage in, including employee records, marketing, data security, and business continuity. With increased fines coming in, it is essential that law firm management understand the new law’s impact, educate employees about what they need to do to protect the firm, its clients and its reputation, and embed processes to ensure that data protection is being properly managed.

There is much general advice available about the GDPR and the steps that should be taken to prepare for it, including exercises such as auditing the data held, establishing the legal basis on which it is being processed, and raising employee awareness.

This bulletin reviews some of that information in the context of file retention and provides a step-by-step guide to the main areas of compliance.


For further information please contact Martin Ellis, Head of UK Professions and Legal Practices Group on +44 20 7528 4704 or email martin_ellis@jltgroup.com