Businesses around the globe continue to grapple with the requirements of the EU's General Data Protection Regulation (GDPR), which went into effect May 25. Law firms are no exception—and that's true even if they have no offices overseas.

Pennsylvania firm leaders and legal technology professionals said GDPR compliance should be a priority for most firms, as it applies to any business that handles data belonging to EU citizens. For firms that are behind in getting prepared, they said, it's better late than never.

"Even for small firms, I think it's really unlikely they're going to completely escape some kind of GDPR analysis," said Phil Yannella, co-leader of the cybersecurity practice at Ballard Spahr.

Ballard Spahr has no offices outside the U.S., but Yannella said his firm still did an assessment to see whether it falls into the category of "data controller" or "data processor" for any information it holds.

Read the full article here. Subscription may be required.