The news items and other information on this site do not purport to be comprehensive or to give legal or professional advice. cpm21 does not provide legal advice. Whilst every effort has been made to ensure accuracy, neither cpm21, its owners, employees, associates, collaborators, agents or trainers can be held liable for any errors or omissions or inaccuracies contained within each communication, on its website, or in articles, tweets, posts or blogs on social networking sites. Readers should not act upon (or refrain from acting upon) information provided without first taking further specialist or professional advice. cpm21.

What to look out for as at the end of January 2018


We’re sure that Christmas has already been consigned to a distant corner of the memory for our solicitor clients, as January has seen a large amount of small, time consuming jobs crop up from different sources.  So, we thought we’d take a minute to concentrate on one or two of them that firms should be aware of and acting upon right now…

Collection Period for Money Laundering and Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017

The SRA require firms to report information pertinent to these regulations using their on line portal if the firms are covered by these regulations. The period for the collection of this information started on the 22nd of January 2018 and will complete on the 2nd of February 2018 and is mandatory.

Whoever is the point of contact for the SRA at the firm, the COLP or the person who normally receives SRA emails requesting information from the firm, should have received this request. If that person hasn’t and the firm is covered by the regulations, it’s time to start looking in the email junk or spam folders to find the email and get this done.

If you want to know what information the SRA require, you can find out here;

General Data Protection Regulation - GDPR

Okay, so we know that firms are being bombarded with information about GDPR at the moment and have been for some time. It kind of reminds us of the “Millennium bug,” and much like that, we’re sure the sun will rise on the day after it comes into force…

And the regulation comes into force at the end of May 2018, so there isn’t any need to panic, as long as firms are working on this.

What does this mean?

Well, as a minimum, firms should be carrying out a data trail audit for any personal data they hold so they can build a picture of what types of data they hold, what they process it for, what type of protections they have for it, who they share it with, how long they keep it and how they destroy it.

Please note, that isn’t an exhaustive list, and there are also “Special Categories” of data that firms need to be aware of…

Once this “picture” has been developed, then firms need to test their processes, policies, procedures and systems against the requirements of GDPR and identify any gaps they may find between their current status and the new requirements. When these gaps are identified, then suitable actions need to be taken to close them, assigning responsibility and deadlines to suitable personnel within the firm to do so, with the whole thing being completed and implemented within the firm by the 25th May 2018.


It’s also a good idea to keep a file within the firm showing evidence of all this activity and what the firm has done. This is so that if a data breach occurs when the regulation is in force, there is something to show representatives of the Information Commissioner’s Office to demonstrate that the firm did put measures in place to achieve compliance. This evidence could be the difference between a “telling off” or a significant fine.

We’re sure we know which of those firms would prefer…

There is always something to do for solicitors firms nowadays, and there are plenty of other things we could tell you about in this article, but these are certainly the top two at the moment, one a short term timescale of next week for completion, and the other a little longer…