How can ISO 27001 help law firms comply with new GDPR legislation?

23 Aug, 2017

The Law Society has released unprecedented guidance to law firms to consider adopting ISO 27001 Information Security. Here we explore why.

In the countdown to the EU’s General Data Protection Regulation (GDPR), the Law Society has released unprecedented guidance to law firms to consider adopting ISO 27001 Information Security to assist them with compliance. Usually a ‘closed-shop’ when it comes to recommending certifications, the Law Society must feel there is good reason to recommend ISO 27001.

In their article, the Law Society quotes statistics from the Information Commissioner’s Office (ICO) stating that there was a 173% increase in data security incidents in the legal sector in Q4 2017 compared with the previous quarter. Given that processing highly confidential personal data is a core part of legal work, it’s easy to see how law firms could be in danger of falling foul of the new legislation. Add to that the new fines for breaches under GDPR, which can be between 2-4% of global annual turnover or €20 million (whichever is the greater), and it’s a grim outlook.

Whilst it’s fair to say that the majority of law firms are tech savvy nowadays, embracing new technologies and backup systems, the majority of law firms still operate a largely paper-based office. This brings with it any number of potential issues: files left open on desks, files left in communal meeting rooms, faxes being sent to the wrong numbers, staff taking files home and working on trains where documents can be seen by other passengers, to name but a few. As the Law Society warns, “make no mistake: these are data breaches, just as incidents caused by cyber-attacks are, and under the GDPR you’d be just as liable.”

Some of the top players in the legal market have already been proactive when it comes to dealing with this. Clifford Chance, Allen & Overy and Linklaters have already taken the plunge and achieved ISO 27001 certification. But it’s not just for the big boys. ISO 27001 is a perfect fit for firms of all sizes.

So what have they and the Law Society seen in ISO 27001 that has prompted this decision? Well, many of the controls within ISO 27001 are best practice for complying with GDPR, including disposal of media, physical transfer of media, security of equipment and assets off-premises, and a clear desk/clear screen policy.

But there are other benefits to having ISO 27001.

BENEFITS TO YOU

  • Cost reductions due to avoiding incidents
  • Smoother running of operations as responsibilities and processes are clearly defined
  • Improved business image in the marketplace – clients have peace of mind that the company is trustworthy

BENEFITS TO YOUR CLIENTS

  • Working with a trustworthy provider maintains their own integrity in safeguarding their data
  • It instils confidence further down the supply chain resulting in stronger client/supplier relationships
  • Having appropriate access controls in place lowers the risk of accidental exposure to employees of confidential/sensitive information

BENEFITS TO YOUR STAFF

  • Reassurance that their employer is meeting data handling security guidelines
  • Clearly and precisely defined roles and responsibilities, so job satisfaction and productivity are increased

At ISO Quality Services Limited, we have already been taking enquiries from law firms keen to steal a march on both GDPR and their competitors. Interestingly, many are looking at not just ISO 27001 but ISO 9001 Quality Management System to boost their position in the market. One of the many questions we get asked is how difficult and time consuming the process is. We can reassure firms that we make the process to certification to both standards simple and straightforward. Further, we aim to get you certified within 6-8 weeks, leaving you free to get on with your job of serving your clients.

If you would like to find out more by having a free, no-obligation conversation about what is involved in achieving either ISO 27001, ISO 9001 or both, then please call our office on 01905 670303 or e-mail clientservices@isoqsltd.com.
