According to a study conducted by CenturyLink Emea, nearly 75 percent of law firms in the United Kingdom are not ready for the General Data Protection Regulation (GDPR). With just six months to go before the compliance deadline of 25 May 2018, a majority of law firms are not ready to be fully compliant with the legislation. The fine for non-compliance and for failing to protect data under the GDPR is up to €20 million or four percent of annual global turnover.
The report indicates that one in five firms suffered a cyber incident in the last month, a rise of 44 percent over the last year. The report quotes Joanne Frears, Consulting Solicitor at Blandy & Blandy, who challenges the finding that 34% of the companies claim they have never been the victim of an attempted cyberattack.
“The average length of time it takes to discover a cybersecurity breach is 196 days and so although it is easy to believe that almost half of all firms have suffered attempted cyberattacks, it is alarming to think that the 34% who claim never to have been targeted could simply be unaware that malware has been planted on their system or that perhaps one of their accounts staff is currently being spear-phished! This lack of awareness and preparedness is one of the biggest risks the profession faces,” Frears argues.
The study highlighted that only 31 percent of IT directors believed their firm was compliant with all cybersecurity legislation. Frears urges companies to fall into line while there is still time. “With the advent of GDPR next May bringing greater record keeping and privacy by design obligations as well as the potential of fines for breach of €20 million or 4 percent of annual turnover, those 75 percent of firms that admit they are not prepared [or don’t know if they are prepared] for these changes have a chance to get ready, but time is running out!” She also warns that Brexit will not provide a panacea for GDPR worries: “Perhaps most firms think Brexit is a cure for GDPR, without realising that unless the UK has robust data protection compliance equivalent to GDPR, it will not be able to provide or accept any personal information from EU businesses or EU citizens, and most of the UK service and technology industries would fold as a result!” she adds.