A majority (90%) of U.S. law firms surveyed by Wolters Kluwer’s ELM Solutions say data privacy and security are among their highest priorities. However, less than half (47%) feel fully prepared to address the new General Data Protection Regulation (GDPR) requirements that went into effect on May 25. Another 16% of respondents said they were somewhat prepared and more than a third (37%) had made no specific preparations.
“Law firms, along with their corporate legal and legal operations counterparts, have made progress in readying themselves for GDPR, but there is still significant work to do,” said Barry Ader, Vice President of Product Management and Marketing for Wolters Kluwer’s ELM Solutions. “Given the substantial financial penalties imposed by the European Union for noncompliance, law firms and their corporate clients must work together to harmonize their data privacy and security policies and processes.”
Fewer than half of respondents (43%) had assigned a Data Protection Officer, a requirement of many organizations under GDPR. However, nearly 60% had assigned an individual, team or outside consultant to lead GDPR compliance efforts.
Approximately 72% of those surveyed were also investing in cybersecurity solutions due to the new regulation, Wolters Kluwer said. And 67% said they host annual data security training with employees or had performed training in the past 3 years. Seventy-four mid-to large-sized U.S. law firms responded to the May survey.