GDPR could hit UK law firms hard

The UK's law firms have been urged to ensure that they are ready for the GDPR coming into force, after a new study revealed a shockingly low number of organisations are prepared for the new legislation.

With the deadline until the GDPR comes into force now less than six months away, only a quarter of the country's law firms are ready for the new rules to take effect, according to a poll by CenturyLink EMEA.

“With the deadline for GDPR compliance looming ever closer, law firms still have a chance to be ready, but they need to take action now," said Steve Harrison, sales director at CenturyLink EMEA, which offers its customers a GDPR readiness assessment service. "In addition, implementing a security log monitoring and analysis service will enable organisations to quickly identify if and when they have experienced a breach, enabling them to better comply with the GDPR breach notification regulation.”

The survey found that the majority of UK law firms are not prepared for GDPR, meaning that they could be hit by major fines for not being compliant with the new laws - but are also severely lacking in cybersecurity awareness too.

CenturyLink found that one in five law firms had been the victim of an attempted cyberattack in the last month, and that less than a third (31 per cent) of IT directors believed that their firm was compliant with all cybersecurity legislation. 

DDoS attacks and ransomware or SQL injections were named as some of the most damaging threats facing UK law firms in the poll, however human error was the most commonly reported challenge to effective data security and privacy, being named by half of respondents.

However there are signs that the industry is attempting to improve its readiness, with more than half (55 per cent) of firms saying that they have employed data security professionals too boost protection, with 60 per cent providing compulsory cybersecurity training for their staff.