The General Data Protection Regulation (the “GDPR”) came into full force and effect on 25 May 2018. It is unquestionably one of the most important pieces of EU legislation in the digital era. The changes introduced will have fundamental and far –reaching implications for solicitors’ practices. 
The GDPR has introduced much tougher sanctions for breach, with maximum penalties for intentional or negligent breaches of up to EUR 20 million or 4% of an undertaking’s annual worldwide turnover. Accordingly, you will need to consider and understand the implications for your practice. 

This section of the seminar will analyse the principles of the GDPR and their practical application in your practice. It will provide practical guidance on avoiding potential problems and pitfalls. It will also provide you with a checklist of the issues to be considered and addressed to achieve compliance with the GDPR.

Topics covered will include:
  • A consideration of data privacy “by design and by default” and associated security standards;
  • How processing can be legitimised, including limitations on the use of consent;
  • What accountability means under the GDPR;
  • Transparency requirements under the GDPR;
  • The additional focus on processing arrangements and records, and additional requirements for processing contracts;
  • Restrictions on transfers abroad;
  • When privacy impact assessments are required and what that means;
  • When a data protection officer will be required;
  • The new mandatory breach notification obligations: Is there an obligation to notify clients of the breach in “high risk” cases?;
  • The extension and clarification of individual rights under the GDPR, including data portability and the “right to be forgotten”: Can clients now require your firm to erase personal data about them without undue delay?
  • What problem is this likely to pose for practitioners bearing in mind the requirement to retain such records as are necessary for the maintenance of files and your responsibilities to the Law Society, the Revenue Commissioners and your clients?;
  • The enforcement regime and the potential implications of breach of the GDPR.