Ensuring your Law Firm meets the requirements of the new GDPR guidelines
Over the last several months, the LawPro Development Team have been hard at work upgrading both our case management and accounting software packages to ensure they are fully compliant with the new GDPR guidelines. This web page is to clarify that all LawPro products now meet the required GDPR standards and help law firms to run a GDPR compliant business. Below is a rundown of the new features that have been added.
Every client record now includes a GDPR tab that records all the personal data stored against the client and shows which third parties that data has been shared with. When considering the processing of such data, LawPro users can now log the following: the lawfulness of the processing, including a record of consent and any supporting documentation; special categories of personal data and the reasons for processing them; and finally, data entry and retention review dates. The system will then automatically calculate future deletion dates based on predefined case-type criteria.
LawPro also includes a GDPR event logging system, where users can record events such as client data audit requests. These events are logged from the client record and then subsequently stored in the GDPR Centre, which is a central location accessible only to the Data Protection Officer(DPO). The DPO will receive an automated email for every event logged so that they can respond to events in a timely manner.
From the GDPR centre the DPO can monitor and process client personal data requests quickly and easily. An Acknowledge Event feature generates an automated email to clients to acknowledge receipt of their requests. When events are subsequently actioned, automatically populated templates are generated to be sent to clients detailing the personal data stored against them.
The GDPR centre also has a security breach log to document personal data security breaches and record notification of the relevant bodies and persons within the specified time limits.
One of the key issues of GDPR is the deletion of personal data from records when the lawfulness of processing ceases to exit. To ensure full compliance in this regard, LawPro offers a two-stage matter deletion process. The first stage copies the matter to an anonymous GDPR client, removing personal data and the ability to identify the client, while maintaining a lawful record based on preconfigured case-type retention periods. This first stage deletion effectively removes the matter from the system for the average user but keeps it accessible to the DPO in a redacted state. The second stage deletion removes all documents and data stored in the matter, and is the final, non-reversible process in destroying a record.
Should you have any further questions regarding GDPR, please feel free to speak to a member of our Support Team who will be happy to assist.