Lawyer Monthly Magazine - May 2019 Edition

You’ve Been Served! GDPR Fines Hit Home… Time for Legal IT Teams to Embrace Cyber Best Practices Almost a year has gone by since the biggest change toEurope’s privacy laws inageneration came into force. The GDPR turns one in May, and according to the latest figures, it is already having a positive impact on organisations in terms of transparency and accountability. But being open and honest will only get you so far. For those in the legal sector, it’s particularly important to use this opportunity to improve corporate cybersecurity. Not only will it help to avoid the GDPR fines that are landing with increased regularity, but in so doing, law firms can also protect their hard- won corporate reputation. The GDPR gloves are off Ever since the starting pistol was fired on 25 May 2018, commentators had been waiting for regulators to levy the first major fine. After all, this was the law that introduced potentially astronomical fines of up to 4% of global annual turnover (or £17m, whichever is higher) for non-compliance. In the end it came, perhaps unsurprisingly, at the expense of a US tech giant. Google was hit with a €50m (£44m) fine by a French regulator in January for failing to properly inform customers on how it personalised its ads. However, it’s not alone. Although there have been no more fines quite that size, regulators have been increasingly willing to penalise those seen to be failing on compliance. Most recently, the Polish regulator (UODO) slapped a £187,000 fine on a firm for its failure to notify consumers about using their personal information. As of February, DLA Piper claimed there had been 91 fines issued — most of which related to breaches of personal data — and over 59,000 breach incidents reported to regulators. This is particularly important for businesses operating in the legal sector. Why? Because the sensitive data they handle and trusted links to client organisations make them a lucrative target for hackers. According to a study published by the National Cyber Security Centre (NCSC) in 2018, £11m of client money was stolen over the preceding year and 60% of law firms reported an information security incident — a 20% year- on-year increase. An attached report highlights the top four threats facing the sector as: phishing, data breaches, supply chain and ransomware attacks. Back-up now! While the link between data breaches and GDPR is well understood, the potential impact of ransomware on compliance may be less so. MAY 2019 24 Special Feature www. lawyer-monthly .com