GDPR - The General Data Protection Regulation

Home
For members
Business support
GDPR - The General Data Protection Regulation

In our guide, we have included lots of useful information and guidance about how you and your business can prepare for GDPR.

The requirements under the GDPR are broadly similar to the Data Protection Act 1998 (DPA) but they give additional weight to the rights of the subjects of any data collection, most obviously, in terms of penalties.

If you are already operating good risk management, including being transparent about your data collection and storage and ensuring that your clients have given active consent to any processing operations not covered by one of the other grounds for lawful processing, then GDPR is not likely to be very onerous.

There's also the European Commission’s Article 29 Working Party webpage and you can find the official text of the General Data Protection Regulation at eur-lex.europa.eu.

GDPR guide for law firms

Our guide looks at the regulation and the Data Protection Act from the perspective of a legal practice.

Law firms as data controllers
Create a record of data processing
Client confidentiality, legal privilege and limited exemptions
Data retention
Sharing data with third parties
Data protection officers
Security
Reporting personal data breaches
Requests for client personal data
Appendix 1 - Consent
Appendix 2 - Example of a data protection policy
Appendix 3 - Background to the GDPR changes

Law Society blogs

We're publishing a series of blogs from experts, including members of our Privacy Law Committee, about the key issues and considerations you should take into account.

Data Protection Act 2018 and GDPR

Laura Irvine, partner at Davidson Chalmers Stewart solicitors and author of our 'Guide to GDPR', discusses how change in the final wording of the Data Protection Act 2018 will help solicitors when dealing with third party subject access requests.

Changes to the guidance on ownership and destruction of files

Fiona J Robb, Director of Professional Practice, talks about changes to the guidance on ownership and destruction of files in anticipation of the imminent arrival of GDPR.

GDPR - Privacy notices

Angus MacLeod, partner at Wright, Johnston & Mackenzie LLP, explains what you should put in a privacy notice and when you need to give one.

What’s new for controllers and processors under GDPR?

Tamasin Dorosti, recent secondee at our Brussels office, explains the new compliance obligations for 'controllers' and 'processors' under GDPR.

GDPR - Privacy by design and default

Deborah Dillon, EU Data Privacy and GDPR Executive Consultant at Atos, explains 'privacy by design' and 'privacy by default' and what this means for your organisation.

GDPR – New year, new guidance

Tim Musson, Convener of the Law Society of Scotland’s Privacy Law Committee, gives us an update on the latest General Data Protection Regulation (GDPR) guidance.

GDPR – Do you need a data protection officer?

Dr Kenneth Meechan, member of the Law Society of Scotland’s Privacy Law Committee, explains the new rules on data protection officers and sets out some important tasks which all law firms should consider.

GDPR – What is a legal basis and why does it matter?

Carolyn Thurston Smith, policy executive at the Law Society of Scotland, explains the legal bases in article 6 of the General Data Protection Regulation (GDPR).

GDPR – Changes to consent and what they mean

Domhnall Dods, regulatory solicitor and GDPR expert at Towerhouse and member of the Law Society’s Privacy Law Committee, explains the changes to rules around consent in the General Data Protection Regulation (GDPR).

GDPR – Personal data breaches and how to report them

Anna Drozd, policy adviser on professional issues at our Brussels Office, explains what personal data breaches are and how to report them under the GDPR.

GDPR – Plan, don’t panic

Tim Musson, Convener of the Law Society of Scotland’s Privacy Law Committee, explains why the General Data Protection Regulation (GDPR) is all-important for law firms.