An associate general counsel at one of the big four accountancy firms has urged in-house lawyers quickly to ‘get a handle’ on what data their organisations hold ahead of forthcoming, tougher data protection reforms.

The EU’s general data protection regulation (GDPR) will come into force in May next year, replacing all data protection legislation in EU member states. Currently, the ICO can issue a monetary penalty notice of up to £500,000 for DPA breaches. The GDPR will introduce much higher fines. The government is also pushing through a data protection bill, which will replace the Data Protection Act 1998 and set new standards for protecting data, in accordance with the EU regulation.

Ian Dunn, associate GC and data protection officer at KPMG, told a Law Society In-House Division seminar that lawyers responsible for making sure their firms are GDPR-compliant will need help.

He said: ‘You need to get the board on board. That can be quite a challenge for lawyers sometimes. For KPMG one of the big drivers is clients, [who are] demanding that we have got a compliance roadmap and want to know where we are. That’s got the attention of the board.’

Dunn suggested solicitors draw up a standard questionnaire for departments. ‘You’re repairing holes in the road. Unless you have that written down in a consistent manner you are never going to feel like you’ve got your hands around data boundaries in your organisation,’ he said. ‘It’s a huge task. If that’s something you have not yet done, I suggest it’s something you need to get a handle on pretty quickly.’