How to comply with UK GDPR
UK GDPR is complex and your compliance with it is a matter for you as well as a requirement of the firm. The ICO has said it will impose fines on the party responsible for the breach; accordingly, data processors who breach UK GDPR can also be fined. Fines can run into the millions, so compliance is important. The following obligations should be taken as a minimum:
- Consider whether you are a data controller (using the ICO's self-assessment tool) and if so, whether any of the exemptions apply (see the ICO guidance). Data controllers whose processing is not exempted must register and keep up that registration.
- Familiarise yourself with our Privacy Policy and our Information Retention Policy.
- Refer data subject requests to the Director of Operations and Compliance.
- Do not ask for more personal information on a matter than you need.
- Only use personal information for the purpose for which it was provided.
- Keep personal information safe. Follow our IT Usage Policy and remember: don't let client data (e.g. emails and texts) be backed up into iCloud, Dropbox or any non-secure computer/server, and always encrypt any file you put on a removable drive (e.g. USB); see the firm's refresher on how to encrypt files on a removable drive. Ensure your phone is password-protected with a six-digit password (or face or fingerprint recognition) and that you sync only recent emails to your phone.
- Be very careful when attaching docs to emails that you get the right one and that you send the right email to the right recipient. Sending an email to a person with a similar email address to the intended recipient is a common, and sometimes very costly, error.
- Put all files in NetDocuments, either as the matter progresses or at the end of the matter.
- Ensure you delete data you cannot keep, at least every year (see Deletion of data, below).
- Ensure you archive physical files regularly and ideally as soon as you have a full box of documents or every six months.
- Ensure you keep a full file in NetDocuments. This can be helped by bcc-ing yourself on emails to be filed; see the firm's tips on saving documents to NetDocuments.
- Don't send out mass marketing emails without first having spoken to the Director of Marketing and Business Development.
- Tell the Director of Operations and Compliance if you plan to base yourself outside the European Union, Andorra, Argentina, Canada, Faroe Islands, Gibraltar, Guernsey, Iceland, Israel, Isle of Man, Japan, Jersey, Liechtenstein, New Zealand, Norway, South Korea, Switzerland, Uruguay or the US.