In May of this year the Council of Bars and Law Societies of Europe (CCBE) presented guidance on compliance measures for for lawyers regarding the General Data Protection Regulation (GDPR).

With this paper the CCBE wishes to provide an overview of the main new compliance measures that Bars and Law Societies may wish to recommend in order to ensure compliance with the requirements set out in the GDPR. In the guidance document those aspects of the GDPR are highlighted that cause new or increased compliance responsibilities for, in particular, lawyers or law firms. Considering that the vast majority of European law practices are below the 250 employee threshold, the issues outlined below do not address provisions that apply to larger law firms only (for example, the requirement to have a data protection officer). Also, attention is drawn to the fact that many law firms process personal data that qualify as ‘special categories of personal data’.

More information: the document