On 25 May 2018 the EU General Data Protection Regulation (GDPR) comes into force, defining how personal data must be stored, used, and processed. Once GDPR applies, individuals in the EU will be able to control who may manage their personal data and in what way. These rules affect every organization that handles EU residents’ personal data, wherever that organization is based.
Data controllers failing to comply may face fines of up to EUR 20 million or 4% of worldwide annual turnover, whichever is higher. Depending on local data protection legislation, there may also be additional penalties or even personal liability.
Law firms handling civil and criminal cases routinely store and process sensitive client information, often concerning individuals’ rights and freedoms. Under GDPR, a breach of such data must be reported to the supervisory authority and, where it is likely to result in a high risk to the individuals concerned, communicated to those clients without undue delay. Beyond the potential penalties, such a breach can inflict irreparable damage on a law firm’s reputation. Centralized data management and robust personal data protection mechanisms are therefore essential. In this article, we explore how Amberlo Case Management Software helps law firms meet the main GDPR requirements.
Organization and system security
Requirement:
The organization must ensure that personal data is stored, processed, and transferred securely. Data security must be an integral part of business processes and must be continuously monitored and improved.
Amberlo stores all data in Amazon AWS data centres, which adhere to high security standards and provide active protection against security breaches. Data and backups stored on Amberlo servers are encrypted and safeguarded from unauthorized access. Only the system administrator has (partial) access to client data, while sensitive data such as passwords is encrypted and accessible to the client alone. Amberlo is continuously developed and improved. Software development, testing, and deployment processes are highly automated and structured so that developers have no access to client data.
Personal data protection
Requirement:
GDPR requires that personal data be accessible only to specific users and only to the extent necessary. It also sets different requirements for personal data depending on its sensitivity (for example, the special categories of data under Article 9).
Amberlo lets you configure individual access rights to modules and to data records for each user. This ensures that personal data is accessible only to authorized users, and only to the extent their role requires.
Data breaches
Requirement:
Under GDPR, any business worldwide that suffers a breach of EU residents’ personal data must notify the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach.
Our Amazon AWS tools and Amberlo monitoring tools detect and report attempts to compromise the platform. If a data breach occurs, we notify our clients promptly with details of the timing, scope, and affected data. This allows them, as data controllers, to notify their supervisory authority and the affected individuals within the GDPR deadlines.
Consent to process personal data
Requirement:
Where processing is based on consent, the organization must obtain that consent from the individual. The consent must clearly state which personal data will be collected, where and how it will be stored, and for which purposes it will be used. (Consent is one of several lawful bases under Article 6; performance of a contract or a legal obligation covers much of a law firm’s processing, but the same transparency requirements apply.)
Amberlo enables the storage and efficient retrieval of all client agreements. To remain compliant with GDPR, make sure all of your client agreements meet these requirements. On signup, clients agree to Amberlo’s Terms of Service and Privacy Policy, which detail the personal data we collect and process.
Amberlo stores law firms’ employees’ personal data, including names and email addresses, solely to provide the service. We do not share any personal data with third parties.
Right of access
Requirement:
If requested by an individual, the organization must disclose which personal data it holds about them, where it is stored, and for which purposes it is used.
When such a request arrives, a law firm can quickly locate all personal data about that individual stored in Amberlo, export it to XLS format, and provide it to the requester.
Right to be forgotten
Requirement:
If requested by an individual, the organization must erase all of their personal data, unless it has an overriding reason to keep it, such as a legal retention obligation or an ongoing legal claim (Article 17(3)).
With Amberlo, you can quickly locate and erase personal data stored in the system. You are also free to cancel your Amberlo subscription at any time. If you decide to leave, let us know and we will delete all of your account data.
Data portability
Requirement:
If requested by an individual, the organization must provide their personal data in a structured, commonly used, machine-readable format so that the individual can transfer it to another data controller.
Amberlo ensures that, on request, personal data can be provided in a widely accessible electronic format. If you need to move it elsewhere, you can export it to an XLS file in a few clicks.
What does your law firm need to do to comply with GDPR regulations?
- Sign up for an Amberlo account and manage all your client data securely in one place. Setup takes only a few minutes.
- Appoint a data protection officer, or at least a named person, responsible for implementing GDPR in your law firm. (A DPO is mandatory under Article 37 only for certain organizations, but having a responsible person is advisable in any case.)
- Document your procedures for storing, processing, and securing personal data. Store the procedures in Amberlo for easy access.
- Adapt your client contracts to comply with GDPR. Store all contracts and any amendments in Amberlo.
If you have not tried Amberlo yet, you can do it here.
For more information about Amberlo Legal Software, please visit www.amberlo.io.
Your Amberlo team