Only a quarter of UK law firms are ready for GDPR, study shows

Just 25% of UK law firms are ready for the General Data Protection Regulation and one in five have experienced an attempted cyber attack in the past month

Most law firms in the UK do not yet comply with the EU’s General Data Protection Regulation (GDPR), with just over six months to go before the compliance deadline of 25 May 2018.

According to a report by managed services provider CenturyLink Emea, only 25% of more than 150 legal sector IT decision-makers said their firms were GDPR ready, despite the threat of fines of up to €20m or 4% of annual global turnover for serious data protection failings under the GDPR.

The results highlight the fact that most firms need to prepare while they still have time to be fully compliant with the legislation, said Steve Harrison, sales director at CenturyLink. He said law firms still have a chance to be ready, but they need to take action now to analyse their business and data to determine where the gaps are, and what steps should be taken.

“Implementing a security log monitoring and analysis service will enable organisations to quickly identify if and when they have experienced a breach, enabling them to better comply with the GDPR breach notification regulation,” said Harrison.

According to the study, one in five law firms have experienced an attempted cyber attack in the past month, and fewer than one-third (31%) of IT directors believe their firm is compliant with all cyber security legislation.

Respondents cited several challenges to more effective privacy and data security, with the top problems including human mistakes (50%), dedicated cyber attacks such as distributed denial of service (DDoS), ransomware or SQL injection (45%), and lost documentation and devices (36%).

In a bid to combat such cyber security threats, more than half (55%) of firms said they have employed data security professionals and 60% now provide staff with compulsory cyber security training.

Law firms are also outsourcing their IT infrastructure to providers that can offer a secure environment to support their digital transformation initiatives, with 43% of respondents saying they are moving the hosting of their applications to cloud providers and 23% saying they are moving their servers to a colocation facility.

Asking respondents about shadow IT, the research revealed that 43% of IT decision-makers at law firms trust their IT teams to “do the right thing” for their business despite one-third (33%) of firms not permitting bring your own device (BYOD) or bring your own apps (BYOA). A total of 11% have no shadow IT policies at all.

“Every time a law firm faces an attempted cyber security attack, its infrastructure, data and customers’ data, as well as its reputation, is at risk of being compromised,” said Harrison. “That risk grows as companies have to offer more online services and flexible remote working options for staff in order to be competitive in today’s digital world.”

However, Harrison said it is promising to see that a growing number of law firms are taking steps towards greater security by moving away from legacy, on-premise IT systems to private or public managed cloud arrangements.

According to Harrison, managed services not only minimise the risk posed by external attacks, but they free up internal resources to focus on innovative IT and business initiatives.
