On June 13, the LMANE Philadelphia Local Steering Committee hosted a lunch and learn program for members. Led by Helena Lawrence (Orrick, Herrington & Sutfcliffe LLP), Doug Ladendorf (Mayer Brown LLP) and Benjamin Ness (Dechert LLP), the program provided attendees with an informative discussion on the timely topic of General Data Protection Regulation (GDPR). In addition, our speakers shared the their biggest challenges, lessons learned and next steps relating to their firms efforts in connection with navigating GDPR compliance.
Key takeaways from the program included:
- General Background Information relating to GDPR. The European Union’s GDPR officially went into effect on May 25, 2018. The GDPR provides a set of rules and obligations established to give EU citizens additional control over their personal data, privacy and individual consent. These newly adopted regulations have, in turn, created new consent requirements for email marketing efforts (and other forms of outreach) commonly utilized by law firm marketing departments for the use of business development information.
- Controllers v. Processors. A significant amount of GDPR regulations apply to controllers, these are companies that determine what personal data is collected and how that data is used post collection. Processors, on the other hand, are those companies that store, disseminate, organize or manipulate data.
- Initial Steps for GDPR Compliance. In order to determine of your company/firm is complying with the latest GDPR regulations, firms are encouraged, as a first step, to conduct a data inventory. Conducting a data inventory will provide an overview of the types of personal data you currently have, the source of that data, how that data is stored and with whom you are sharing the data.
- Complying with GDPR. All panelists emphasized that law firms concerned with GDPR compliance, particularly those with active privacy/cybersecurity practice attorneys and/or practice areas, should consult with those lawyers in regard to their specific firm’s compliance with GDPR policies. When in doubt, always ask!