fastMatter and General Data Protection Regulation (GDPR)

What is GDPR?

The EU General Data Protection Regulation (GDPR) is a privacy and data protection regulation in the European Union that came into effect on May 25, 2018.  GDPR replaced the European Data Protection Directive 95/46/EC, and aims to unify the regulatory environment for businesses handling the personal data of EU nationals.

The GDPR imposes new obligations on organisations that control or process personal data and introduces new rights and protections for EU residents. This law is intended to strengthen the protection of personal data of EU residents and to give them more control over how their personal data is being used not only within the EU, but also internationally.


Who does GDPR affect?

GDPR applies to all public bodies, businesses and other organisations that process personal data of EU residents. The new legislation comprises the General Data Protection Regulation (GDPR) which came into force on 25 May 2018 and the new Data Protection Act (DPA) 2018 which came into force around the same time. This provides a single regulation across the European Union (EU) and places obligations on organisations that operate outside of the EU but provide goods or services to EU citizens. Businesses can be defined as either

  • a data controller – one that collects and oversees the management of personal data
  • a data processor – one that processes personal data on behalf of a data controller.

Importantly, GDPR also expands the definition of “personal data” to include categories of information such as location data, online identifiers (such as an IP address), and other electronic metadata that was not included in previous data protection laws within the EU. Businesses that do not protect the personal data of EU individuals in accordance with GDPR rules are susceptible to significant fines.


fastMatter’s GDPR principles

  • we will process all personal data fairly and lawfully
  • we will only process personal data for specified and lawful purposes
  • we will endeavour to hold relevant and accurate personal data, and where practical, we will keep it up to date
  • we will not keep personal data for longer than is necessary
  • we will keep all personal data secure
  • we will endeavor to ensure that personal data is not transferred to countries outside of the European Economic Area (EEA) without adequate protection


How does fastMatter address GDPR?

At fastMatter we are committed to the view that GDPR is an important means to ensuring the rights of individuals to control access to their personal information. Importantly, we are also committed to supporting our customers in meeting their GDPR requirements! We have thoroughly analysed all steps, procedures and functionalities within fastMatter and updated our product and business operations accordingly so as to comply with GDPR guidelines, both a data controller and data processor. These updates are reflected in our Terms of Service and Privacy Policy:

fastMatter’s Terms of Service explicitly acknowledge our role as a data processor for law firms. fastMatter will continue to fulfill that role while providing tools and customer service to help law firms meet their responsibilities as data controllers.

fastMatter’s Privacy Policy also identifies how personal data is collected and kept secure, and how data subjects may contact fastMatter regarding their information.

fastMatter’s industry-leading security measures protect data stored within and transmitted from the fastMatter product. fastMatter also provides advanced security features to ensure customers are properly equipped to protect any data stored within fastMatter.


For general information on GDPR, please visit the Information Commissioner’s Office website.