Your case files are among the most sensitive data anyone holds: litigation strategy, evidence, financial and family circumstances, sometimes health and criminal data. Yet too often they travel as unencrypted email attachments and end up on personal laptops and phones — protected by professional secrecy in principle, but wide open in practice.
The reality
None of this is malicious; it's just how a busy practice runs. But each of the following is a real GDPR gap, and a breach of confidentiality that a client, an opponent or an ex-employee can report.
Pleadings, evidence and statements go out as ordinary email attachments — unencrypted, interceptable, and forever copied across inboxes and sent folders.
Clients send sensitive documents over personal email and WhatsApp. They land on a personal phone, in chat backups, with no encryption, access control or deletion.
Matter files sit on personal laptops and in consumer Google Drive or Dropbox accounts with no encryption, no data-processing agreement (DPA) and no clarity on where data is stored.
The whole office shares one login to the case-management system, so there is no record of who opened which matter, and no way to revoke one person's access.
Former trainees, paralegals and secretaries still have live accounts and synced folders months after leaving — privileged files in unaccountable hands.
Closed matters are kept indefinitely with no retention policy — a growing store of privileged data you no longer need but remain fully responsible for.
It only takes one. A misaddressed email, a stolen laptop, a client who exercises their right to ask "what data do you hold on me?" — any of these can become a breach of confidentiality and a complaint to the data protection authority. The fix is far cheaper than the incident.
The fix
We don't hand you a policy and leave. We change how privileged data actually flows through your firm, with tools your team and clients will actually use.
An encrypted client portal for exchanging case files and statements — replacing plain email and WhatsApp — that clients and fee-earners find easier, not harder.
Matter files encrypted on disk and on the wire, so a lost laptop or intercepted message does not become a disclosure of privileged client data.
Individual accounts with multi-factor authentication and per-matter permissions — only the people on a case can open it, with no more shared logins.
A retention schedule per matter type that respects limitation and regulatory periods — with secure destruction once a closed case reaches the end of its term.
A clean leaver process that revokes accounts and synced access immediately, plus audit logs showing who accessed which matter and when.
Data-processing agreements with your case-management and cloud providers, plus a breach procedure aligned with your duty of professional secrecy.
How we work
We follow a real matter end-to-end: where the file, the evidence and the client documents go, and on which device or tool.
We flag the non-compliant flows and the concrete risks to privilege and confidentiality — prioritised, in plain language, not a 90-page report.
We set up the secure portal, encryption, access control, MFA, retention and the DPAs — and migrate you off plain email and personal devices.
A short team briefing, a breach plan and the records of processing — so it stays compliant and confidential day to day.
FAQ
The questions firms ask us most.
Tell us how you exchange and store case files today. We'll show you the gaps and the fix — response within 4 working hours, no commitment.