Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

GDPR and solicitors

  • 19-03-2018 5:24pm
    #1
    Registered Users, Registered Users 2 Posts: 399 ✭✭


    How/what are you doing to get your firm ready?

    Are updated T&Cs enough?


Comments

  • Banned (with Prison Access) Posts: 4,691 ✭✭✭4ensic15



    Are updated T&Cs enough?

    No. Security of manual and computer files must comply with the requirements of the Regulation. A written policy must be in place. data processors to whom data is sent, particularly barristers, and expert witnesses, must also undertake to process data in accordance with the Regulation.


  • Administrators, Entertainment Moderators, Social & Fun Moderators, Society & Culture Moderators Posts: 18,781 Admin ✭✭✭✭✭hullaballoo


    Retention is a big issue for lawyers. If you have any reason to keep files for longer than you need them, for example for the purposes of drafting precendents, they must be anonymised.

    Tbh, the regulations are insurmountable for lawyers, particularly sole-traderships (especially barristers) or very small practices.

    The DPC is aware of this so I would imagine there will be a lot of smaller practices that go out of business as an indirect but obvious result of the regulation.


  • Closed Accounts Posts: 21,730 ✭✭✭✭Fred Swanson


    This post has been deleted.


  • Registered Users, Registered Users 2 Posts: 1,314 ✭✭✭CardinalJ


    Do you really think so? That is not good.


    I work for a large insurer, we find it hard. Small firms/traders dont have a chance.


  • Administrators, Entertainment Moderators, Social & Fun Moderators, Society & Culture Moderators Posts: 18,781 Admin ✭✭✭✭✭hullaballoo


    I think that particularly for lawyers it's going to be problematic and the smaller the practice, the fewer resources there will be to ensure compliance. So, yes, I think it will kill a lot of small practices because there's an obvious incentive to go after lawyers from the DPC's point of view - fines on law practices will increase funding on a short-term basis and is a way for the DPC to finance its own necessary expansion to tackle bigger processors.

    Considering the regulation was obviously drafted over a lengthy period of time and will have considered many outcomes, it is undoubtedly blind to small businesses. The requirement for every data processor to have a data protection officer, as an example, is testament to that. As a one-man-band, it would be impossible to afford the overhead of appointing a data protection officer to ensure compliance but there it is, an absolute requirement of the GDPR.

    There are no derogations available, so each and every processor is treated exactly the same. There's no administration of justice clause to enable lawyers etc. to overcome the strict obligations on the basis that we're processing the data for a greater good.

    I think overall that the GDPR misses the target in a big way and we'll see a lot of litigation about it. Even though the actual parameters of the regime are similar to the current one, the obligations and penalties are onerous enough that this is now a matter worth considering for action.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,405 ✭✭✭Dandelion6


    The requirement for every data processor to have a data protection officer, as an example, is testament to that.

    There is no such requirement.


  • Registered Users, Registered Users 2 Posts: 1,193 ✭✭✭liamo


    I think that particularly for lawyers it's going to be problematic and the smaller the practice, the fewer resources there will be to ensure compliance.
    This is the case for any organisation that processes personal data.

    there's an obvious incentive to go after lawyers from the DPC's point of view - fines on law practices will increase funding on a short-term basis and is a way for the DPC to finance its own necessary expansion to tackle bigger processors

    There is no obvious incentive to target lawyers. Nor is there any reason to believe that fines will not be applied in an objective manner to any organisation that breaches the GDPR.

    However, there is a regulatory obligation on the government to provide sufficient funding to the DPC for their operations.

    Article 52.4
    4. Each Member State shall ensure that each supervisory authority is provided with the human, technical and financial resources, premises and infrastructure necessary for the effective performance of its tasks and exercise of its powers, including those to be carried out in the context of mutual assistance, cooperation and participation in the Board.

    Indeed, their funding has increased by €4m for 2018 and is now at €11.7m

    Also, administrative fines by the DPC are returned to the exchequer so there is no selfish incentive to impose fines.


    The requirement for every data processor to have a data protection officer, as an example, is testament to that.
    As a one-man-band, it would be impossible to afford the overhead of appointing a data protection officer to ensure compliance but there it is, an absolute requirement of the GDPR.

    As already pointed out by a previous poster, there is no such requirement.

    There's no administration of justice clause to enable lawyers etc. to overcome the strict obligations on the basis that we're processing the data for a greater good.
    Nor should there be.

    I think overall that the GDPR misses the target in a big way and we'll see a lot of litigation about it.
    Frankly, I think GDPR has hit the target spot on.
    I do, however, agree that we'll see a lot of litigation. There are a lot of questions that need to be answered and areas of vagueness that need clarity. These will be addressed by case law.

    Even though the actual parameters of the regime are similar to the current one, the obligations and penalties are onerous enough that this is now a matter worth considering for action.

    You are correct. The GDPR is not entirely dissimilar to existing DP law. That being the case, if you are compliant with current law the effort required to comply with the GDPR should not be overly burdensome. However, if you're starting from scratch that's a different matter.

    As for "action", how about considering compliance? It's not like this has been foisted on organisations with no notice of any kind. It's been two years since it was adopted and it was being prepared for four years prior to that. No-one can say that they didn't see it coming or that they weren't given an opportunity to prepare for it.


  • Registered Users, Registered Users 2 Posts: 6,666 ✭✭✭Claw Hammer


    Around courthouses every day, there are lawyers carrying papers. Even in the restaurants in the 4 courts there are papers sitting on tables as well as in corridors outside of court rooms. If a set of papers is lost, everyone named in the papers must be contacted. That includes every witness, provider of expert reports, barristers whose name appears on the papers and the parties to the case. It will be a major culture shock. Look into the Law Library in the 4 courts and see the mounds of papers piled up on tables, abandoned while their custodian is making a fortune settling a case in the round room. AHow can that carry on continue?


  • Registered Users, Registered Users 2 Posts: 6,769 ✭✭✭nuac


    The Law Library is confined to barristers, bar-rooms at other courthouses are confined to solicitors and barristers.

    Elsewhere there is a convention that lawyers do not look at other lawyers files


  • Registered Users, Registered Users 2 Posts: 6,666 ✭✭✭Claw Hammer


    nuac wrote: »
    The Law Library is confined to barristers, bar-rooms at other courthouses are confined to solicitors and barristers.

    Elsewhere there is a convention that lawyers do not look at other lawyers files

    That is not going to be sufficient for GDPR. The Regulation is hard law. gentlemany conventions are not going to cut it. What about lost papers? I saw a full lever arch folder left on a chair in the 4 courts, abandoned after a case was settled. Frequently there are papers left in courtrooms over lunch.


  • Advertisement
  • Closed Accounts Posts: 422 ✭✭Vetch


    I think that particularly for lawyers it's going to be problematic and the smaller the practice, the fewer resources there will be to ensure compliance. So, yes, I think it will kill a lot of small practices because there's an obvious incentive to go after lawyers from the DPC's point of view - fines on law practices will increase funding on a short-term basis and is a way for the DPC to finance its own necessary expansion to tackle bigger processors.

    Considering the regulation was obviously drafted over a lengthy period of time and will have considered many outcomes, it is undoubtedly blind to small businesses. The requirement for every data processor to have a data protection officer, as an example, is testament to that. As a one-man-band, it would be impossible to afford the overhead of appointing a data protection officer to ensure compliance but there it is, an absolute requirement of the GDPR.

    There are no derogations available, so each and every processor is treated exactly the same. There's no administration of justice clause to enable lawyers etc. to overcome the strict obligations on the basis that we're processing the data for a greater good.

    I think overall that the GDPR misses the target in a big way and we'll see a lot of litigation about it. Even though the actual parameters of the regime are similar to the current one, the obligations and penalties are onerous enough that this is now a matter worth considering for action.

    There are derogations. All organisations don't need a formally appointed DPO as another poster has mentioned. There are exemptions from record-keeping under Article 30 for organisations with fewer than 250 employees, depending on what records they keep.

    Recital 13 also 'encourages' supervisory authorities to 'take account' of smaller organisations.


  • Banned (with Prison Access) Posts: 4,691 ✭✭✭4ensic15


    nuac wrote: »
    The Law Library is confined to barristers, bar-rooms at other courthouses are confined to solicitors and barristers.

    Elsewhere there is a convention that lawyers do not look at other lawyers files

    There are many people other than barristers in the Law Library. There are receptionists, porters, cleaners, tradesmen and visitors.


Advertisement