GDPR at law firm with AMEA Legal

On 25th of May 2018 new EU General Data Protection Regulation (GDPR) rules are enforced, defining how personal data must be stored, used and processed. After GDPR takes effect, EU citizens will have the possibility to influence who and in which way can manage their personal data. These rules affect all organizations working with EU citizens personal data.

Data controllers failing to comply with new regulations may face fines reaching up to 20MEUR or 4% annual turnover. Also depending on the local data protection legislation there might be additional penalties or even personal responsibility.

Law firms working on civil and criminal cases store and process sensitive client information which is often related with persons’ rights and freedom. Loss of such information according to GDPR regulation must be immediately announced to the client which in addition to penalties might cause irrecoverable damage to law firms’ reputation. Therefore, centralized data management solution and proper personal data protection becomes very important. In this article we analyze how AMEA Legal helps law firms to comply with main GDPR requirements.

Organization and system security


Organization must ensure that personal data is stored, processed and transferred securely. Data security must be integral part of the business processes which are constantly monitored and improved.

AMEA Legal stores all data in Amazon AWS data center, corresponding highest security standards and providing active protection from security breaches. Data and backups stored on AMEA Legal servers are encrypted and protected from unauthorized use. Only system administrator has partial access to client data. Most sensible data (like passwords) is encrypted additionally and is only accessible to the client. AMEA Legal is continuously developed and improved. Software development, testing and deployment processes are highly automated and organized in a way that developers do not have any access to client data.

Personal data protection


GDPR requires that personal data must be accessible only to certain users and only to a necessary extent. Also, different requirements are set for the personal data based on its sensitivity.

AMEA Legal allows to set individual access rights to modules and data records for each user. This way we ensure that personal data is accessible only to certain users and to a needed extent only.

Data breaches


Under the GDPR, any business worldwide that has EU residents’ personal information compromised is required to notify supervisory authorities within 72 hours of uncovering the breach.

Amazon AWS tools and our AMEA Legal interactive system monitoring tools register any attempts to compromise or illegally access AMEA Legal system and immediately notify system administrator. In the case of data breach, we would immediately inform our clients – law firms about breach time, extent and affected data, so that they could promptly inform their clients thus complying with GDPR regulation.

Consent to process personal data


Organization must receive consent from a person to process his personal data. This consent must clearly state which personal data will be collected, where and how it will be stored and used for which purposes.

AMEA Legal allows to store and quickly retrieve all client agreements. Surely all client agreements must be adopted to comply with GDPR regulations. During sign up process, client agrees with AMEA Legal Terms of Service and Privacy Policy, defining which personal data we store and process. AMEA Legal stores personal data of law firms’ employees using the system including name, surname and email address and uses it to an extent necessary to ensure uninterruptible provision of AMEA Legal software as a service. We do not share any personal data with third parties.

Right of access


If requested by an individual, organization must provide information which personal data it manages, where it is stored, and for which purposes it is used.

If requested by an individual, law firm can quickly find all personal data stored in AMEA Legal, export it to xls format and provide it to this person.

Right to be forgotten


If requested by an individual, organization must destroy all personal data.

AMEA Legal allows to quickly find and delete personal data stored in the system. Our clients can terminate AMEA Legal subscription at any time and request to destroy all data stored with the client account.

Data portability


If requested by an individual, organization must provide personal data in widespread electronic data format so that person could move the data to another data controller.

AMEA Legal allows to export selected data into xls format so that it can be moved to another data controller.

What your law firm needs to do to comply with GDPR regulations?

  1. Create AMEA Legal account and start managing your client data securely and in one place. It will take less than 10 minutes.
  2. Assign data protection officer who will be responsible for implementing GDPR regulations in in your law firm.
  3. Describe procedures for storing, processing and ensuring security for personal data. Store procedures in AMEA Legal for easy access.
  4. Adopt client contracts to comply with GDPR regulations. Store all contracts and any amendments in AMEA Legal.

If you did not try AMEA Legal yet, you can do it  here.

For more information about AMEA Legal, please visit

Your AMEA Legal team

Send a Message