Three-quarters of law firms “unprepared” for EU data regulation with six months to go


Computer security: Firms that say they have not been subject to attack may well be wrong

Three quarters of law firms are still unprepared for the EU general data protection regulation (GDPR) which comes into force next May, potentially opening them up to large penalties, according to new research.

It also found that one in five law firms admitted to experiencing an attempted cyber attack in the last month and that fewer than a third of IT directors believed they were compliant with all cyber-security legislation.

The survey of 150 IT decision makers in the legal sector was commissioned by IT provider CenturyLink. In a report it said compliance with the GDPR was critical and that firms faced a maximum fine of €20m or 4% of turnover for data breaches.

The report cited Joanne Frears, consulting solicitor at Reading law firm Blandy & Blandy: “Those 75% of firms that admit they are not prepared… for these changes have a chance to get ready, but time is running out.”

She warned that Brexit would not help, because the UK would have to have “robust data protection compliance equivalent to GDPR” in any case, or else “most of the UK service and technology industries would fold as a result”.

As well as 20% of firms acknowledging recent cyber attacks, 44% said they had been the victim of one in the last year. Ms Frears cast doubt on the truth behind another finding, that a third of firms claimed they had never experienced a cyber attack.

“The average length of time it takes to discover a cybersecurity breach is 196 days… [Those firms] could simply be unaware that malware has been planted on their system, or that perhaps one of their accounts staff is currently being spear-phished [targeted with hackers’ emails].

“This lack of awareness and preparedness is one of the biggest risks the profession faces.”

The report noted that the two-thirds of firms possibly not compliant with existing legislation on data protection risked substantial fines.

A fine of up to £500,000 could be imposed by the Information Commissioner and data protection failures could also be punished with sanctions by the Solicitors Regulation Authority.

It suggested use of the cloud by firms could help improve data security because the technology was maintained properly by the provider. Also, internal firm behaviours with a cloud system were less likely to lead to breaches.

It found that 43% of firms had already moved to the cloud.

Tags:




Leave a Comment

By clicking Submit you consent to Legal Futures storing your personal data and confirm you have read our Privacy Policy and section 5 of our Terms & Conditions which deals with user-generated content. All comments will be moderated before posting.

Required fields are marked *
Email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog


Use the tools available to stop doing the work you shouldn’t be doing anyway

We are increasingly taken for granted in the world of Do It Yourself, in which we’re required to do some of the work we have ostensibly paid for, such as in banking, travel and technology


Quality indicators – peer recommendations over review websites

I often feel that I am banging the SRA’s drum for them when it comes to transparency but it’s because I genuinely believe in clarity when it comes to promoting quality professional services.


Embracing the future: Navigating AI in litigation

Whilst the UK courts have shown resistance to change over time, in the past decade they have embraced the use of some technologies that naturally improve efficiency. Now we’re in the age of AI.


Loading animation