Lawyers – are you GDPR ready?

Managing Director

Fav thing about the office

Good banter

As a child I wanted to be a ... when I grew up


Guilty Pleasure(s)

Strictly come dancing

Favourite Holiday


If I had a superpower it would be...

Mind Reading

Describe yourself in three words or less

Methodical, Energetic, Reliable

An interesting fact about me

Started “Work” life as an opera singer


Horse riding, fillet steak and a good curry

Favourite Band

…into Classical Music

Karaoke Jam

Desperado- The Eagles

What I do at Q2Q:

My role is to provide the overall direction and “eye on the compass” as to where we, as a team, are heading.

I’m still very much focused on the customer and will often get involved in customer solution discussions. As a techie at heart, I’m regularly seeking to understand industry developments and directional changes that may affect our customers, so we and our customers can remain on the front foot.

Background and Achievements

I started out in an I.T technical department of what was then British Rail, following which I joined a large construction company to re-organise their I.T infrastructure.

I then spent a couple of years as a business systems analyst at P&O Nedlloyd designing, developing and implementing systems within their Bulk and Tank Carrier companies.

In 1999 I was appointed as I.T Manager of SockShop and subsequently as of Head of I.T. at the Tulchan Group, comprising then of 300 stores. Due to a Year 2000 compliance issue, we were required to seek an alternative system, which we were able to more cost effectively write ourselves. This product subsequently became known as RAWHIDE and we later sold this product into a number of other businesses. At the time it was quite cutting edge as all the warehouse function was undertaken using handheld, wireless scanners, rather than the batch scanners that were dominant at the time.

In 2003 The Tulchan Group was acquired by Harris Watson. We were then asked to take responsibility for the I.T. of Viyella Ladies wear and in 2004 the demands of two MD’s and two FD’s (Tulchan Group + Viyella), resulted in the sensible decision to break out of the group and Q2Q was born. This then enabled us to also get involved with a number of other group companies (Harris Watson owned companies) as well as other non-group parties.  At one stage we were managing the I.T for almost 500 stores across a number of businesses.

Today Q2Q retains some of the group customers that we acquired along the way, as well as a substantial number of new and diverse customers in almost all industries including accounting, business development organisations, legal marketing, medical, retail and wholesale.

Hobbies and Interests

Horse riding, running (Jogging), motorbikes, reading any of the Detective Rebus stories.


There are lots of scare tactics being thrown about in the media at the moment, trying to shock businesses into paying out for expensive – and not always effective – GDPR services. But as lawyers will know all too well, there’s no one-step solution to achieving compliance.

So realistically, what should law firms – and other companies – be doing now, to prepare themselves and their systems for the new regulations?

The truth is that it’s different for every business, depending on the scale of data processing, the amount of marketing you undertake and the security of your existing procedures, to name just a few variables. But to help you along the way, we’ve put together a checklist of ten key boxes you’ll need to tick to get GDPR-ready:

  1. Ensure employees are clued-up

    While any business-wide process amendments are likely to start from the top, ensuring that all colleagues are aware of the changes to data protection laws is key. Depending on the size of your firm and the volume of data that you’re using, this is likely to involve training managers and anyone who is responsible for collecting, processing and managing personal data.
  2. Take stock

    Auditing is no one’s idea of fun, but collating an inventory of all data held by the firm is an essential step to getting on top of compliance. This should include details of how it was obtained and why, who has access to it, whether it is up-to-date and accurate, and whether it is still needed. And it’s important to note that this applies to all data, whether stored electronically or on paper. For law firms, examples include marketing lists, accounts system records, address books, online information and any deeds or wills.
  3. Review privacy

    You’ll need to make sure that all privacy policies within the firm are current, and update them if necessary. Ensuring that staff are aware of any changes and are trained in adhering to the new policies is then essential to upholding them and keeping sensitive information secure.
  4. Understand individual rights

    Under the GDPR, the rights of the individual to have their data updated, transferred or erased must be observed. Ensure everyone in your firm is aware of these rights and that they know the correct procedures for implementing any of these requests.
  5. Keep an eye on the time

    The set timescales to meet access demands under the GDPR will be much tighter than they are presently, so you’ll need to ensure everyone is aware of the need for a speedy response – and the financial penalties that a missed deadline will incur. Data Subject Access Requests, for instance, require the demanded information to be supplied within 30 days.
  6. Check for consent

    Rules surrounding consent will be tightening, so make sure you review how the firm currently obtains it and how clients are informed that their data has been collected. The ICO will be cracking down on misleading tick boxes and other unscrupulous methods of gathering information, so check that any data you are storing on your systems has been compiled with the full awareness and consent of the individual.
  7. Ensure your files are secure

    Along with resulting in hefty fines, data loss can be a nightmare for your data-to-day business operations too. So, it’s important to review the current protective provisions you have in place, particularly surrounding cyber security, taking files away from the office, own device use, remote working and business continuity if systems go down. In short, you need to ensure you haven’t entered a state of digital complacency.
  8. Prepare yourself for change

    There’s no doubt about it – the GDPR will require you to make significant changes to what are probably firmly ingrained habits. If your audits and reviews do highlights areas for improvement, however small, make sure you know what your next steps are to implement these enhancements. And if they show up that certain uses of client data just won’t cut it under the new regulations – for marketing purposes, for instance – then consider what alternative methods you can use going forwards.
  9. Turn problems into solutions

    Yes, remedying compliance issues can be a pain. But, if you focus on turning problems into solutions – before issues arise – you will benefit your firm in the long run. Not only will your information be safer, your systems will also be more efficient and your clients will know they can trust you to keep their data secure.
  10. Review and repeat

    Taking action is crucial, but monitoring any changes is important too. Keeping your firm running like a well-oiled, GDPR-compliant machine relies on you and your colleagues keeping an eye on how all the parts are ticking over. So, make sure you have procedures in place to properly review how your plans have turned out in reality, and ensure that you remedy any glitches you identify along the way.

We know that lawyers have the legislative side of GDPR sorted, but if you’re in need of some IT expertise to help get your data storage systems and processes in shape, we can help!

Lawyers – are you GDPR ready?