From Legal Futures’ Associate Clio [1].
Under the General Data Protection Regulation (GDPR) [2], all businesses, including law firms, have a lot more responsibility when handling their clients’ personal data.
To give just one example, firms are now more accountable for the personal data they hold. They must maintain records of the legal basis for collecting the data, how it’s being used, and why, and they’re also responsible for making sure data can be recovered if needed.
At a technical level, staying GDPR compliant is more onerous than it may seem. For example, if you’re using an on-premise solution, and a client asks you to delete all of their data, you’ll need to individually make sure the data is deleted from:
- All servers
- All backups
- Any other devices or software services or storage solutions that the data was synced to
You’d also need to record exactly how you went about deleting this data, and you’d need to be prepared to provide those records if needed. In other words, there’s a lot to keep track of—and getting certain aspects of the GDPR wrong can result in fines of up to €20 million or 4% of annual worldwide turnover.
Luckily, cloud-based solutions make it a lot easier to ensure you’re following best practices and staying GDPR compliant. This means you can spend less time poring over technical details related to the GDPR, and more time practicing law.
Here are three benefits of using the cloud under the GDPR:
1. Automatic security updates
Keeping client data secure is more important than ever under GDPR. As the Information Commissioner’s Office states [3], lawyers must use encryption where appropriate and conduct regular testing and reviews of security measures to ensure their effectiveness.
Depending on the technology you use, this can mean a lot of extra work for you, your staff, or your IT department. For example, if you’re using on-premise server-based solutions, you’ll need to confirm all security updates to your software are implemented correctly and in a timely manner, and you’ll need to record how this was done.
However, most cloud-based solutions provide security updates automatically, so you never need to worry about software that isn’t up to date.
For example, Clio uses the strongest industry-recognised cypher suites to encrypt your data, and we frequently update our software to align with changing best practices around security. Our development processes are automated such that our software is scanned for vulnerabilities which are addressed before updates are deployed. Our systems teams ensure that servers are securely configured and updated as soon as security updates are released.
Learn more about Clio’s data security standards. [4]
2. Support from your provider
Under the GDPR, protecting clients’ personal data is your law firm’s responsibility. However, by carefully selecting your technology providers and ensuring they adhere to the GDPR, you can get a lot of support.
Consider the example above, where you’d need to carefully go through several steps to ensure a client’s data was properly deleted according to the GDPR. With Clio, you’d be able to delete this hypothetical client’s data from the app in just a few steps—in its role as a data processor for law firms, Clio would take care of many of the more technical aspects of this deletion, and would ensure that it had been recorded.
In summary, cloud-based solutions like Clio give law firms more tools to make it as simple as possible to comply with the GDPR.
Looking for a cloud solution? At minimum, law firms should ensure that any cloud software they’re evaluating:
- Has updated its product and business operations to comply with GDPR guidelines.
- Explicitly acknowledges its role as a data processor for law firms.
- Has updated its terms of service and privacy policy to comply with GDPR.
Clio has done all of the above, and continues to fulfill its role as a data processor for law firms, while providing tools and customer service to help law firms meet their responsibilities as data controllers.
Learn more about Clio and the GDPR. [5]
3. Peace of mind for data storage
The GDPR requires businesses to ensure they can restore access to personal data in the event of any incidents. If you’re using an on-premise solution, and something happens to your servers, restoring all of your client’s information could be a tall order. (You’d also need to notify each client of what happened.)
By leveraging economies of scale, cloud-based software providers are able to employ much stronger safeguards to protect client data than is feasible for most small to medium-sized law firms. In other words, for most law firms of this size, cloud-based software is definitely worth considering.
For example, Clio spends hundreds of thousands of pounds each year on a dedicated security team, state of the art technology, and strong process to limit the likelihood of an incident. Clio also ensures geographic redundancy is in place, meaning Clio stores your firm’s data in more than one server—all located within the EU—so that your data will remain safe in the event of a natural disaster or other major catastrophe.
For extra peace of mind, you can easily set up an additional, personal backup of your Clio information.
Easier GDPR compliance with cloud-based software
Meeting your law firm’s responsibilities under GDPR can take a lot of time and effort, but with the right tools and the right support, you can make it easier to adhere to your duties as a data controller.
Choose a case management software for your practice that is cloud-based, follows security best practices, and explicitly adheres to GDPR, and you’ll have a little more peace of mind and a lot more time and energy to dedicate to helping clients.
Looking for cloud-based case management software and need more advice? Read the 10 things you need to consider before making your choice. [6]
You can read this blog on Clio’s own website [7] where it was originally published.