Be ready to make money...
Companies will be struggling to understand the precise legal implications of GDPR for a very long time, and they will need your advice.
According to PwC’s Stewart Room, 98% of companies surveyed claimed to have ‘no idea’ what they’ll have to do to ensure compliance.
Profiling is likely to be a specific bone of legal contention, as it’s currently unclear whether data profiling that doesn’t result in an automated decision (but has some human input) will be covered by GDPR.
It’ll be well within your interests to maintain relationships with data and IT experts in the security field, both to give full and complete advice to your clients and to point them in the right direction to make sure they’re fully protected.
... and be ready to spend it
You’ll need to hire (or educate) some specialists who really understand this area. And right now, they’re in critically short supply.
In particular, you should start assessing now whether or not you have the correct technologies in place to help your clients (and your own practice) deal with objections to profiling based on data, and respond to requests from data subjects to access or transfer their information.
Because of our expertise and connections to major companies in the subject area, EveryCloud are perfectly positioned to provide GDPR training courses and solutions for you, your colleagues, and your clients.
Be aware that this also applies to your clients’ data
The legal industry is data-heavy by nature. And since you potentially know more about your clients than any other industry does, you’ll have to be ready to demonstrate what you’re doing to keep their confidence in confidence.
Privacy Impact Assessments (PIAs) will become a regular feature of your life – these are the official mechanism for determining whether a given data collection or analysis system is compliant with GDPR.
They will also be vital in determining whether contracts need to be modified in light of the new regime.
Depending on the technologies you use in processes like discovery, you’ll also need to make sure that your own applications are fully permissible under GDPR.