Compliance and security are the biggest data challenges – BDO

Companies need to ensure they have measures to prevent the disclosure of personal and professional data

Which are the two biggest challenges clients face with regard to data security? Internal compliance with data protection rules and the external threat of data security breaches, according to Álvaro Marco, director at BDO.
He adds that data protection and security is now a major consideration for TMT companies, meaning lawyers are having to not only keep up with the changes in legislation and regulation but also continuous technological development. Lawyers also have to provide wider, non-legal advice in relation to clients´ data needs.
“Companies must ensure that adequate processes are in place to stop personal and professional data being released, whether that is sensitive information about employees or directors leaving with confidential business information,” Álvaro says. “There is also the risk from external factors, like hackers or rival companies, actively, and illegally, seeking such data.”
Marco says this presents clients and their advisers with both opportunities and challenges. From the legal angle, legislation and regulation are targeting technology, such as the European Union (EU) data protection directive and the recent Google case, which ruled that EU citizens have a “right to be forgotten”. These frameworks, however, are not keeping pace with technological advances. Whether it is smart phones, wifi, the internet or apps, the methods of obtaining, sharing and disseminating information get more intricate by the day.
As such, lawyers must constantly update their legal and technical knowledge. To this end, clients, especially small and medium-sized businesses, are expecting to receive technical advice, not just legal advice, on their data protection and security needs.
“Clients do not want to be provided with just the legal solution but also the technical solutions, whether that is software or data processes,” Marco says. “This approach means law firms have to offer innovative solutions and develop integrated teams with, lawyers, IT professionals, data security experts and engineers to provide the full-service solution.”