GDPR compliance. Presentation for Consulegis Lawyers network
1. Why GDPR compliance is important to your law practice
Consulegis European Regional Meeting 2017
2. In this presentation
Introduction to GDPR
Who is affected by GDPR
GDPR in your law firm?
Impact of GDPR on business processes
Impact of GDPR on database management
Necessity of GDPR compliance
Opportunities offered by GDPR
Set-up of GDPR compliance trajectories
Contact details of the Sirius Legal IT/IP/Media team
An Introduction…
3. “General Data Protection Regulation” EU 2016/679
Replaces Directive 95/46/EC (which in itself was an update of a 1989 Regulation)
Determines rules that companies and organisations should follow
When “collecting” or “processing” “personal data”
“Personal data” = ANY piece of information that in itself or in combination with other pieces of information can allow someone to directly or indirectly (with the help of third parties) identify a physical person.
An introduction…
4. “General Data Protection Regulation” EU 2016/679
Replaces Directive 95/46/EC (which in itself was an update of a 1989 Regulation)
The times, they are a changin’…
1995
No online marketing
No “profiling” or “tracking”
No “cookies”
No “big data”
No “trigger based marketing”
No e-commerce or social media
No cloud, Internet of Things, drones, mobile devices, …
Less than 1% of EU population had an internet connection …
An introduction…
5. GDPR enters into force on 25 May 2018
NO transition period
National Privacy Authorities will be entitled to impose VERY high fines
(4% of worldwide turnover)
GDPR compliance is inevitable
Companies do best to see GDPR as a commercial opportunity/advantage and start early (although it is probably too late to start “early”)
An introduction…
6. EVERY company that collects, stores or “processes” “personal data”
Obviously
Anyone in (online) marketing
Banking
Finance
E-commerce
Travel
But also
ANY company that has a client database
ANY company that has an HR/personnel database
ANY company that has an accounting database
Any company that has a procurement database
…
Who is affected…?
7. EVERY company that collects, stores or “processes” “personal data”
Regardless of size, sector or type of activity
That means just about every company or organization
ALL of your clients, regardless of their business
Private clients
SMEs and independent workers
Corporate clients
Not-for-profit organisations
Government and public services, hospitals, …
Who is affected…?
8. GDPR compliance is inevitable for all of your clients
Most companies are unaware of obligations and consequences
But even more so…
YOUR FIRM should start working on its own compliance
Your client database also falls under GDPR compliance obligations
Consulegis as an organisation should start working on its own compliance
Its contact database and membership database also fall under GDPR compliance obligations…
GDPR in your law firm…?
9. Only work with “safe” subcontractors (we are already seeing the consequences of this in the marketing sector)
Have in place written contracts with a series of mandatory data security clauses
Data processing log journal within the organisation
“Appropriate technical and organizational measures, to ensure an appropriate level of security” (pseudonymise, security, back-ups, access restrictions, …)
Data Protection Impact Assessment
Data Breach Notification obligation (+ appropriate procedure in place)
Data Protection officer within the organization
Impact of GDPR on business processes
10. Information and consent
Legality of processing – opt-in remains basic rule – “justified reasons” (DM?)
Proof of prior “informed” and “free” opt-in required for data controller
Under 16 years old? Consent only by parents
Buying (or selling) a database? Obligation to inform data subject within 30 days
Right to object to profiling
Right to object to electronic decision taking
Data portability
Right to be forgotten
Privacy by design
Privacy by default
Pseudonymous or anonymous data
…
Impact of GDPR on database management
11. Clients (and law firms) should be well prepared…
Most important articles (cfr. Profiling, PIA, data breach notification, DPO, …)
Fines up to 20 million euro
Or up to 4% of worldwide turnover
Movement towards “level playing field” within EU will lead to more proactive action
by authorities in traditionally “soft” countries (e.g. Belgium)
+ damage compensation
+ damage to company/brand image
Necessity of GDPR compliance
12. GDPR compliance is inevitable for all of your clients
Most companies are unaware of obligations and consequences
Important part of compliance trajectory is legal work (as we will see in the upcoming minutes), but IT firms and business consultants are gradually occupying the field
Opportunity for clients to
Use GDPR compliance as a sales argument
Use GDPR compliance as a means to install proper business processes, data
ownership, appropriate security, …
Opportunity for law firms to
Strengthen relationship with your clients by informing/alarming them in time
“Upsell”
Consulegis as a network to act on cross border level…
Opportunities offered by GDPR…?
13-17. Set-up of GDPR compliance trajectories
18. Independents
Work load: +/- 2 days
Timing: 3 to 4 weeks
SMEs
Depending on size, maturity and complexity
Work load: 5 to 25 days
Timing: 1 to 4 months
Corporate entities
Depending on size, maturity and complexity
Work load: 20 to … days
Timing: 3 to 10 months
Set-up of GDPR compliance trajectories
19. Our IT/IP/Media team
Media & advertisement law
Copyright - trademarks - databases - software - know-how
Travel & consumer protection
IT, Internet & e-commerce
Privacy, data protection & cookies
Gambling & gaming
info@siriuslgal.be or bart@siriuslegal.be
www.siruslegal.be
Facebook.com/siriuslegal