Skip to content 
On March 23, Lisandro Frene of Argentinian member Richards, Cardinal, Tützer, Zabala, Zaefferer, led 37 members and 15 clients from 7 jurisdictions in a discussion about the classification of controller or processor with respect to law firm and client data.
Program Overview
Since the enactment of GDPR, law firms are frequently required by clients to comply with ‘Global Privacy Policies’ or directly, with GDPR requirements. For that purpose, it is essential to determine whether law firms should be considered ‘data controllers’, ‘joint controllers’ or ‘data processors’ with respect to customers’ data. This distinction has very practical consequences in law firms as it may determine data security insurance policies, the technical security measures law firms should be required to apply to the customers’ data and related liability towards that data.
Topics covered include:
- Overview of the roles of controller and processor, and requirements and legal implications for each
- Liability toward data sanctions
- What each party can do with the data
- Security considerations
- Information disclosure policies
- Scenarios illustrating possible complexities of issues for law firms and companies
