The principles, applied
- Lawfulness, fairness & transparency — clear client-care and privacy information, and clients who can see how their matter is handled
- Purpose limitation — collect data for a defined matter, not “just in case”
- Data minimisation — ask only for what the matter type actually needs
- Accuracy — single client and matter records with update flows, not duplicates
- Storage limitation — per-matter retention schedules and controlled deletion
- Integrity & confidentiality — encryption, permissions, isolation and audit
- Accountability — be able to demonstrate all of the above
Data subject rights
Clients can ask to access their data or exercise other rights. You need to find what you hold quickly and respond within the statutory timeframe — which is far easier when everything lives against one matter record rather than scattered across drives and inboxes.
Breaches
If a personal-data breach occurs, you may need to notify the ICO within 72 hours. An append-only audit of who accessed what makes it possible to understand the scope of an incident quickly.
How Fitzentic helps
The platform is built around these principles — minimised intake, single records, retention schedules, encryption, permissions and a complete audit trail — so accountability is the default, not an afterthought.
This guide is general information for UK firms, not legal advice. Always check the current rules and guidance that apply to your firm.