The starting point for GDPR compliance of your law firm has to be picking your key officer and team, then setting your budget for the project.
The key individual enabling all things GDPR is the Data Processing Officer (DPO) who is in overall control of the law firm’s data processing activities. He or she needs to be independent of the actual processing and have more of an overviewing supervisory and advisory role. Answering to the highest level of management, there is also a direct relationship with the Supervisory Authority, which in the UK is the Information Commissioners Office (ICO).
Achieve GDPR Compliance
The team which is envisaged at this stage is one that is empowered with the responsibility of seeing the firm’s GDPR project through to achieving compliance with the Regulation.
However, in essence the Team is the whole firm, solicitors, administration to partners. Without wholesale commitment from top to bottom it is very unlikely that the project will achieve compliance, let alone to maintain the standard on a continuing basis.
Setting a GDPR Budget
It is also vital that the firm allows a realistic budget for the project with a built in contingency as there are many areas for consideration that will inevitably be missed at first pass. Whether or not you seek external assistance, the project will take significant amounts of time and money. But it will be worth it.