GDPR: preparations needed before and after 25 May 2018.

Nick Stone, ARK Group conference producer, talks to three GDPR experts: Alison Matthews, Director of Quality and Risk at ShoosmithsWilliam Richmond-Coggan, Partner at Pitmans Law and Gordon Jones, Partner at Kreston Reeves.

GDPR: preparation needed before and after May 2018.

I was on a conference call today, where I had a chance to catch up with three GDPR experts: Alison Matthews (Shoosmiths), William Richmond-Coggan (Pitmans Law) and Gordon Jones (Kreston Reeves). We all agreed that GDPR is very much ongoing with reviews and improvements to processes, supplier relationships, inventories and contracts. “A golden opportunity” as Alison said. Supply chain management, contract review and making sure your GDPR clauses are up to date will all be ongoing concerns, Alison also added. Even after GDPR day on 25 May.

William built on this by talking about the importance of ongoing training rather leaving everything in a box. He talked about the need to run internal scenario planning exercises well after 25 May with breach notification and disaster and recovery stress testing. GDPR needs to be taken very seriously by law firms and should not to be downplayed, he added. By ensuring they are GDPR compliant, firms will see the business benefits in relation to tendering of future work, client audits and reputation risk.

Nobody wants to be the next Cambridge Analytica is your Law Firm on target to not be the next target…?

Our call could hardly be more timely. The Information Commissioner’s Office has now confirmed it is examining the possible illegal acquisition of Facebook data by UK marketing firm Cambridge Analytica, and has promised to bring all its powers to bear during the investigation. 

Alison reminded us about anticipating the “tsunami” of subject access requests, which we should be all be expecting at 25 May. But even now, there’s still much to do - checking data deletion software, changes to data inventory and audit issues. And it’s not just GDPR which will remain a live issue after 25 May, Gordon highlighted the oncoming e-privacy regulations He talked about sales and business departments getting in touch and building up that relationship with new prospect businesses – using current ePrivacy, rather than waiting for the new regime to hit.

Don’t lose your legal briefs!

Of course, the area of Facebook and Cambridge Analytica is certainly bringing this area to the top of the news – just in time for the ICO social media campaign about Data Access Reports. Gordon foresees a spike in such requests over the next few months as people decide to enquire ‘what do they have on me’. 

GDPR after 25 May 2018: no-one is an island 

You’ll see and have a chance to ask questions for Alison Matthews, William Richmond-Coggan and Gordon Jones taking part in a panel discussion looking at GDPR after 25 May. This is part of the ARK Group GDPR event in central London on 24 April. As Alison said, the event will be a great opportunity to share vital “nuggets on information”. Nobody is an island and we can learn something from our peers on this most consuming of topics.