[et_pb_section fb_built=”1″ admin_label=”section” _builder_version=”4.16″ global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_row admin_label=”row” _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”4_4″ _builder_version=”4.16″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||” theme_builder_area=”post_content”][et_pb_text admin_label=”Text” _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n
<\/p>\n
<\/strong><\/p>\n As a law firm, you will be more aware of the legislation than us, but we have been astonished that not every firm seems to understand the ramifications for their own work product.<\/strong><\/p>\n You will know what is driving our concern:<\/strong><\/p>\n 1. The GDPR<\/strong> (General Data Protection Regulation) which came into effect in Europe in May 2018. This introduced strict regulations on what private information is, how to get consent from users, how to deal with breaches, and when personal information must be deleted. The fines for not complying were large; \u20ac20 million or up to 4% of the annual worldwide turnover. Although\u00a0it is a\u00a0European regulation, it applies to any company that stores personal information for EU citizens so potentially impacts all companies world-wide.<\/p>\n 2. Updates to the Australian Privacy Act<\/strong>, which makes data breach notification compulsory as of February 2018. This means that if an individual\u2019s personal information is leaked and likely to result in serious harm the company is required by law to notify the individual(s). Again, the fines for not complying were increased to up to\u00a0AU$2 million.<\/p>\n 3. The New Zealand Privacy Act\u00a0<\/a><\/strong>changes in 2020, introducing mandatory reporting requirements and tougher fines.<\/p>\n Updated privacy regulations aim primarily to give control to citizens of their personal data.<\/strong> It means that citizens are more aware of how their personal data will be stored, used and shared.<\/p>\n We recommend that a data privacy policy is created<\/strong> based on best practice and research performed across the industry. Staff should be trained on the privacy policy and it should be included in the staff induction process.<\/p>\n How to create your own:<\/strong><\/p>\n To create a data privacy policy the following areas and questions need to be answered:<\/p>\n \u00a0You can use this generator<\/a> to help create your own, but we recommend a more thorough approach<\/p>\nDoes your practice have a data privacy policy?<\/h2>\n
\n