Warwick Ashford, writing for Computer Weekly, reports that only a quarter of British law firms are ready for GDPR:
Most law firms in the UK do not yet comply with the EU’s General Data Protection Regulation (GDPR), with just over six months to go before the compliance deadline of 25 May 2018.
According to a report by managed services provider CenturyLink Emea, only 25% of more than 150 legal sector IT decision-makers said their firms were GDPR ready, despite the threat of fines of up to €20m or 4% of annual global turnover for serious data protection failings under the GDPR.
25% of UK law firms are ready for GDPR? To my mind that's either actually a surprisingly impressive number, or some of the legal sector's IT security chiefs are seriously deluded...
I would have imagined that the reality is that far fewer law firms are truly "ready" for GDPR.
And we shouldn't make the mistake of thinking that this is a British or simply European challenge. Any organisation doing business with people based in Europe, regardless of where their firm is based, needs to wake up to the truth that they are also impacted by GDPR. In my experience many businesses in the rest of the world are largely oblivious to what's coming around the corner.
Of course, it remains to be seen whether anyone will actually be hit by the considerable GDPR fines being talked about, but what firm would want to take that gamble?
If you're still baffled as to what GDPR is, and how it might affect you and your business, be sure to check out our "Smashing Security" podcast on the topic from earlier this year.