The RGPD (the French name for the GDPR) is based on 5 main principles:
- The purpose principle: personal data may only be stored and used for a specific, lawful and legitimate purpose that can be demonstrated.
- The principle of proportionality and relevance: only data that is adequate, relevant and necessary for the purpose for which it is used may be stored.
- The principle of limited retention periods: a maximum retention period must be set for each data file, defined according to the purpose for which it is used; once that period has elapsed, the data must be deleted or anonymized.
- The principle of security and confidentiality: the organization holding the data must be able to guarantee its confidentiality. No unauthorized person should have access to this information.
- The principle of respecting data subjects' rights (access, rectification, erasure and objection).
Understandably, meeting these requirements can be a real headache. Many firms now specialize in RGPD compliance, helping companies achieve it and produce the documentation required to demonstrate it.
Some lawyers have also chosen to specialize in this area and offer this type of support to their clients. But how can law firms themselves ensure they comply with the regulation, particularly in terms of data protection?
Lawyers have to record and archive a large amount of their clients' personal data, much of it sensitive. The legal profession is becoming increasingly digitalized, so it is vital for lawyers to be able to guarantee the security of the information stored on and exchanged through their computers, especially as cyber-attacks are multiplying and regularly cause damage that can jeopardize a practice, particularly small firms with little or no dedicated equipment.
A simple way to comply with the regulation: use a suitable management tool that meets Privacy by Design requirements. When choosing your management tool, make sure it offers the following features:
- Secure storage space (an electronic document management system, EDM) with document access control, versioning, logging and an audit trail. The aim is to be able to tell at any time who did what on each file.
- A secure login with two-factor authentication to prevent takeover of personal accounts.
- Encrypted messaging and videoconferencing to ensure the confidentiality of your exchanges with clients and partners.
- Time-limited archiving, with retention periods enforced in line with the regulation.
- Data lifecycle management, so that data is deleted or anonymized once its retention period has expired.
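The checklist above describes three mechanisms that a document store needs to support: access control on each file, an append-only audit trail that answers "who did what on this file", and retention periods tied to the purpose of each record with automatic purging once they expire. The following is an added example, not code from the original article or from any product it refers to; the record identifiers, purposes, users and dates are constructed sample data for a hypothetical law-firm file store.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class Record:
    """A stored file. The purpose and retention period are recorded with the data itself."""
    record_id: str
    purpose: str            # purpose principle: every record states why it is held
    collected_at: datetime
    retention_days: int     # limited retention: maximum period, set per purpose
    owner: str


@dataclass
class AuditEvent:
    when: datetime
    actor: str
    action: str             # "create", "read", "denied" or "purge"
    record_id: str


class FileStore:
    """Minimal store with per-file access control, an audit trail and retention checks."""

    def __init__(self, clock=lambda: datetime.now(timezone.utc)):
        self._records = {}
        self._acl = {}        # record_id -> set of users allowed to read it
        self._audit = []      # append-only; entries outlive the records they describe
        self._clock = clock   # injectable so retention can be tested deterministically

    def add(self, rec, authorised):
        self._records[rec.record_id] = rec
        self._acl[rec.record_id] = set(authorised)
        self._log(rec.owner, "create", rec.record_id)

    def read(self, actor, record_id):
        # Denied attempts are logged too: the audit trail must show who tried, not only who succeeded.
        if actor not in self._acl.get(record_id, set()):
            self._log(actor, "denied", record_id)
            raise PermissionError(f"{actor} is not authorised to read {record_id}")
        self._log(actor, "read", record_id)
        return self._records[record_id]

    def expired(self):
        """Record ids whose retention period has elapsed as of the store's clock."""
        now = self._clock()
        return [r.record_id for r in self._records.values()
                if now >= r.collected_at + timedelta(days=r.retention_days)]

    def purge_expired(self, actor):
        """Delete expired records and the ACLs that protected them; keep the audit entries."""
        purged = self.expired()
        for rid in purged:
            del self._records[rid]
            del self._acl[rid]
            self._log(actor, "purge", rid)
        return purged

    def history(self, record_id):
        """Who did what on a file, in order, including events after the file was purged."""
        return [(e.actor, e.action) for e in self._audit if e.record_id == record_id]

    def _log(self, actor, action, record_id):
        self._audit.append(AuditEvent(self._clock(), actor, action, record_id))


def build_sample_store():
    """Constructed sample data with a fixed clock (2024-06-01) so the retention check is repeatable."""
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    store = FileStore(clock=lambda: now)
    # Hypothetical litigation file collected in 2019 with a 5-year retention period: expired.
    store.add(Record("case-2019-001", "litigation file",
                     datetime(2019, 1, 1, tzinfo=timezone.utc), 1825, "alice"),
              authorised=["alice", "bob"])
    # Hypothetical contract review collected in 2023 with a 2-year retention period: still live.
    store.add(Record("case-2023-007", "contract review",
                     datetime(2023, 3, 15, tzinfo=timezone.utc), 730, "alice"),
              authorised=["alice"])
    return store


if __name__ == "__main__":
    store = build_sample_store()
    print("expired:", store.expired())
    print("purged:", store.purge_expired("retention-job"))
    print("history of case-2019-001:", store.history("case-2019-001"))
```

Two design points are worth noting. The audit log is kept separate from the records and is never trimmed by the purge, so after a file has been deleted at the end of its retention period the store can still show who created, read and purged it. And the retention period is stored on each record rather than in a global setting, because the regulation ties the maximum period to the purpose of the processing, which differs from one file to the next.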
One last piece of advice: avoid multiplying software. Each additional tool has its own level of security, and every extra tool through which client data passes is another place it can leak.
So, for the last word, opt for an all-in-one solution.