Kolvin Stone, a partner in Orrick’s Cyber, Privacy & Data Innovation practice in London, recently spoke with The Times’ The Brief Premium on how law firms can prepare for the EU’s new General Data Protection Regulation (GDPR), which takes effect on May 25, 2018.
According to Kolvin, “The changes can be characterized as a widening of the scope of privacy law to better reflect the globalized digital world in which business operates, strengthening individuals’ rights to enable them to more effectively manage and control their data, creating stricter requirements on businesses to ensure individuals’ information is protected and increasing the enforcement powers of regulators to ensure they can hold businesses to account.”
Kolvin suggested that law firms prepare for the GDPR by carrying out an “information audit and readiness assessment” to identify any compliance gaps in order to set a “roadmap to compliance”. Depending on the level of readiness, Kolvin noted, this could include establishing a privacy governance framework, encrypting certain systems, refreshing consents for certain uses of data and developing or updating policies and processes.