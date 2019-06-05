Complying with data protection rules is not just about preventing breaches, it also enhances your engagement with clients, says Hilary Campton

The General Data Protection Regulation (GDPR) came into force on 25 May 2018 and brought in expanded rights to individuals and their data, placing greater obligations on all businesses that process personal data.

Like many law firms, we began preparing for GDPR at the start of 2017. This first step was to establish a GDPR team and to create a clear project plan to ensure and maintain compliance.

This included cleansing and updating data records, securing consent to market, creating policies and procedures for subject access and right to be forgotten requests, gaining the Cyber Essentials security accreditation, and implementing a firm-wide training scheme.

One-year anniversary

In the months leading up to 25 May 2018, one of the biggest concerns for organisations was the GDPR’s huge fines for infringements.

Although the Information Commissioner’s Office (ICO) had had the power to issue penalties under the previous data protec...