As one of the innovators of technology to the legal sector with the largest software supplier to both lawyers and barristers, Chris was responsible for the supply of technology to over 4,000 practices and chambers in the UK. Whilst Case and Practice management systems allow firms to ‘automate' their business processes they are also sources of Personally Identifiable Information (PII) that can contradict GDPR guidelines. The usual capture of ‘Anti Money Laundering' information is often retained long after its ‘sell by' date. How can you ensure that data held in unstructured data such as Word docs, emails and PDF's are not placing you at risk? If you receive a Subject Access Request how do you find all the relevant data and ensure any third party PII isn't exposed? Chris offers an insight into how some firms are dealing with these issues.