GDPR and your firm

Intellectual Property & Data Protection Law 06/04/2018

We are all familiar with the EU General Data Protection Regulation (GDPR), and the need to prepare for May 2018. The GDPR will introduce new obligations and financial penalties arising from data breaches. The regulation comes into force on 25 May, while the Data Protection Bill was published in early 2018.

The GDPR introduces specific provisions on security of data, data breaches, requirements to notify breaches to the Data Protection Commissioner (DPC), and penalties for breaches.

Why is the GDPR important?

  • Law firms are data controllers and, as such, have to comply with the GDPR provisions whenever the firm processes personal data,

  • ‘Personal data’ is data that relates to identified or identifiable living individuals,

  • The definition of ‘processing’ is wide and includes any collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, erasure or destruction of data,

  • Law firms have a large depository of client personal data as well as employee data,

  • Data security should be the concern and responsibility of all in the firm, from the senior partner downwards. Everyone in the firm should have an understanding of the GDPR, and should understand their responsibilities.

Getting GDPR ready

If you have not already done so, you should start now. The Intellectual Property and Data Protection Law Committee, together with Law Society Finuas Skillnet, has prepared two online learning resources to assist practitioners.

It is recommended that practitioners find out more about the GDPR, why it matters to law firms, and what to do to prepare for May and beyond, by watching and listening to the online seminar ‘GDPR: An introduction: a practical guide for practitioners’. The seminar is in four modules and covers the following topics:

  • An overview of the changes,
  • The SME toolkit,
  • Right of access,
  • Breaches and data litigation.

The seminar is available free from March 2018 to the end of the year.

The second online resource, ‘GDPR: How to get your firm GDPR ready – a practical guide for practitioners’, gives a more detailed and practical look at preparing a law firm for GDPR, and answers many frequently asked questions.

The above seminars are available on the Law Society Professional Training page at

In addition to these training resources, the committee is in the process of preparing written guidance and precedents to assist practitioners. As these resources become ready, they will be made available on the data protection page at

Other GDPR resources

Practitioners may find the following resources useful: