<img alt="" src="https://secure.refl3alea.com/149779.png" style="display:none;">

Recommended Blogs

  • Sprout IT's latest tips for cyber resilience

    The New Year is here and we wanted to consider the state of cyber resilience as we moved into the last year of the ...

    Read More
  • Sprout's predictions for legal it in 2020

    What opportunities and threats will 2020 present to the legal sector? And to maximise those opportunities and to ...

    Read More
  • Cloud technology predictions for 2020

    Although initially slow to embrace technology and the cloud, the legal sector has made impressive inroads into ...

    Read More
  • The human factor in organisational cyber resilience for 2020

    Earlier this year, we wrote a substantial blog article on social engineering and how it is, arguably, responsible for ...

    Read More
  • Email security for law Firms

    84% of British law firms are still vulnerable to email fraud, according to a survey carried out in June 2019 by the ...

    Read More
GDPR – How’s It Going for Legal So Far?
BY Ian Bernhardt

The 25th of May was a significant date for many business owners around the country and the legal sector was no different. 



We had endured years of build-up to this point – that build-up included fear-mongering, speculation, and uncertainty about just how it will affect companies. So, what effect has GDPR had thus far? In this article, the we will explain what we were worried about and how everything has turned out so far since the introduction of the EU’s General Data Protection Regulation.


Sprout IT GDPR


What were we afraid of?

Let’s start with what exactly was worrying some people in the legal sector. Naturally, GDPR has threatened to throw a multitude of hurdles in our direction. Whether it was… 

  • the stress of unfamiliar data processing rules,
  • the nagging fear that we were going to lose out in some way because of the amount of data we had to cull to be compliant, or
  • the fear of penalties we would face if a successful cyber-attack was launched to procure that data 

…GDPR was giving the legal sector a great deal to think about. 


When it rains, it pours 

The run up to GDPR has seen law firms up and down the country scramble to become compliant. To many, GDPR was another job that was put on top of the pile. The ever-growing to-do list in law firms was only made messier and more complicated by all the additional preparations that came about because of these regulations.


On top of all your day-to-day duties, somebody in your firm has been toiling in the background to ensure that all the data that you are processing and handling has been given to you with explicit consent. Additionally, all your systems may have been updated to ensure that you are more secure from cyber-attacks.


The main reason for all of these preparations is the underlying fear of making a mistake. If you have a data breach, then not only will your firm’s reputation be severely damaged, but you could come under heavy scrutiny from the Information Commissioner’s Office.


Now that we know the potential hazards that GDPR could have brought, how did it all play out?


Opportunities for those in the legal sector

The legal sector was mainly affected as a result of other industries being thrown into a panic. Every company in the UK had a very important piece of legislation that dealt with a major business asset – their data. Who do these people turn to when they need assistance with the law? Lawyers, of course.


Boom in hiring 

Hiring in the data management, IT, and legal sectors has shot up as a direct result of GDPR. Previously, many firms believed that they had a pretty good idea of how the Data Protection Act worked, and everything that companies did that involved data processing and handling was done to these standards – as they have been done for years now.


These new regulations have resulted in many firms being thrown out of their comfort zones meaning that they have had no other choice but to bite the bullet and go with cybersecurity and data management specialists. We at Sprout IT offer Data Protection Officer as a service, get in touch to see how we can make your life easier and help your business to manage GDPR on a daily basis. 


The fear factor

One of the “incentives” to become GDPR compliant is the not insignificant 20 million euro fine (or 4% of global annual turnover, whichever is larger) that will be imposed in the event you aren’t compliant.


20 million euros or 4% of turnover is no small amount to a business of any size. So, it’s no wonder that many businesses are turning to experts to ensure that they are GDPR compliant.


Of course, we’re not exempt

On the other hand, many solicitors’ practices and barristers’ chambers have also had to make sure that they themselves are compliant. So, everything that we have previously mentioned about businesses in other sectors dashing to make sure that they stay on the right side of the law applies has applied to us – and so far, things look OK.


Additional strain on data handlers and processors 

An important part of GDPR is the increase in the importance of the roles of data controllers and data processors. The extra burdens on these members of your company will have filtered throughout your firm meaning that your other staff members will have had extra responsibilities to cope with and they will have had to employ additional vigilance since the regulations have been introduced.


How we can help 

If you are interested to learn more about managing data protection successfully on a day to day basis, check out our data protection checklist here. If you'd rather outsource your data protection efforts, we'd be happy to come and do a GDPR checkup for you - get in touch here if you're interested in learning more about our Data Protection Officer as a Service


Cyber Resilience & GDPR





GDPR GDPR regulations legal industry data protection law data protection