SharePoint GRC, ECM and Information Architecture

What is GDPR

The GDPR (General Data Protection Regulation) is designed to consolidate data privacy laws across Europe. Its purpose is to protect and empower all EU citizens’ data privacy and to revamp the methods companies across the region use to handle data privacy. At its core, GDPR is a new set of rules designed to give EU citizens more control over their personal data.

What is Office Delve and how it can find contents without search

In a nutshell, the purpose of GDPR is to improve the protection and privacy of all personal data collected about European Union data subjects.


The primary reasons for the GDPR regulation may be as follows:

  • To provide EU citizens with more power over how their own personal data is used.
  • To strengthen trust between digital services providers and the people they serve.
  • To provide businesses with a clear legal framework under which they can operate, removing any regional differences by creating a uniform law across the EU single market.

GDPR for Law Firms

Fundamentally, almost every aspect of our lives revolves around data. When it comes to confidential and highly personal data, law firms store a lot of information and they have a major role to play. As such, Law Firms have a greater responsibility to keep data safe and take accountability for how data is collected, stored and used. For law firms, it is important to understand how personal data of clients and employees are collected, stored and used in order to ensure compliance.

What is Office Delve and how it can find contents without search

It is important to note that even if your firm is based outside the EU, the GDPR will still apply as long as you deal with personal data belonging to EU citizens.

GDPR – The Best Practice For Safety

Law Firms have to consider GDPR and view it quite seriously as safety and security of data are paramount with GDPR stipulations.

What is Office Delve and how it can find contents without search

The below steps are to be followed for GDPR

  • The rights of any persons to have control over their data - this includes their rights for their information to be erased and/or forgotten.
  • Information regarding the processes of collecting and handling data - there needs to be a clear understanding of how law firms collect data from individuals and how they handle it.
  • The need for Data Protection Officers (DPO) - these are assigned individuals who will oversee all compliance, regulation and assessments within a firm.
  • The need for Data Protection impact assessments – Data Protection Officers will need to undertake assessments with the help of all departmental heads to audit current processes and identify areas that need to be amended, changed or stopped.
  • Receiving consent from clients and how their personal data will be used - law firms will need to explain in easy-to-understand language clearly when asking permission for consent from an individual as to how their data is intended to be used.

Kickstart Your Firm’s Journey To GDPR Compliance

It’s clear that noncompliance with the GDPR could be a real threat to the future of many organizations. But on the other hand, personal data has tremendous value. If it’s managed properly, it can create significant competitive advantage. If a data breach occurs in your company, you may be subject to fines of up to 4% of total profits for the previous year or €20 million.

GDPR also has the potential to bring internal benefits to the organizations that fully invest in and commit to ongoing GDPR compliance.

Proper security measures include:

  • Servers being protected by application, database, file, and full disk virtual machine encryption.
  • Storage being protected by storage area network and network-attached storage encryption.
  • Media being protected by disk encryption.
  • Networks being protected by high-speed network encryption.
  • Strong key management being used to secure encrypted data.
  • Deleting user’s files and information to comply with the user’s right to be forgotten, as prescribed by the GDPR.
  • Having a way to ensure the identity of users and the legitimacy of their transactions.

Should your firm suffer a data breach of any kind, it’s vital that there are measures put in place at every level to ensure the security of any further consequences. Failure to deal with data security could lead to hefty fines - at least a minimum of 4% of your annual turnover.

What lawyers need to know

What is Office Delve and how it can find contents without search

Lawyers and law firms will need to consider the below:

  • The GDPR places greater emphasis on accountability. This means you must have an accurate record of the data you hold, demonstrate how it was collected, and whether the collection is lawful.
  • You must be able to demonstrate that you are managing personal data in a manner compliant with the regulations.
  • Firms must be able to supply, on request, the details of the data they hold and how it has been used.
  • The GDPR creates some new rights for individuals and strengthens some of the rights that currently exist under the DPA. Law firms will need to ensure they allow individuals to exercise a range of individual rights, including the right to be forgotten, right of data portability and right of access.

GDPR – For the greater good

What is Office Delve and how it can find contents without search

Remember that these changes will replace the stale data protection laws that left both individuals and businesses at risk. With GDPR, it is hoped that these modernized and unified rules will allow businesses to make the most of the opportunities of the Digital Single Market by reducing regulation and benefiting from reinforced consumer trust. So if you haven’t started a data compliance review, now is the time to do so!


Knowledge Team

SAI Twitter News