In-house teams need to focus on what’s most important—the law
The transition from private practice to in-house must be a tricky one to process. From the move to no billing after a career spent doing so by the hour, to colleagues as clients, suggests having to acclimatise to fundamentally different dynamics. It’s not something every lawyer will want to do—or even be able to succeed in. And all of that is without considering the move in the opposite direction, back into private practice again.
Former Leeds Law Society president James Haddleton is a lawyer who has done both. Last year, Haddleton returned to Leeds, the city where he practised as a lawyer for 25 years, to set up his own firm, Haddleton Legal. Haddleton worked in private practice at DWF and DLA Piper in Leeds, before moving on to AIM-listed pharma company Clinigen Group as group legal counsel and company secretary.
In his in-house role, Haddleton developed a legal team and led projects to reduce risk and improve the quality and efficiency of its contracting, governance and compliance systems. He faced a number of different challenges as an in-house practitioner that he perhaps didn’t appreciate when he was in private practice and on the other side of the table.
Most notably, costs were a big issue. Haddleton says: “As an in-house lawyer, you can’t quote a price of £300 per hour when the CFO asks you how much a particular project is going to cost. It was a challenge to get properly budgeted, fixed prices for work from outside counsel.”
Having worked in-house at Clinigen, Haddleton now appreciates that outside counsel don’t have to put their in-house counterparts in that position. He says: “There is little a lawyer does that can’t be set to a fixed price, with relevant parameters.”
“At Haddleton Legal, we do fixed prices and day rates. With no hourly rates, our clients don’t get charged for every missed call nor do they have to worry about what the actual bill is going to be. We’ve fixed it so departments can budget for a particular project. Our people don’t have billing targets so they just focus on doing a good job—and that leads to more work.”
Another challenge that in-house lawyers face is efficiency in the delivery of the advice that they seek. Haddleton explains: “The role of an in-house lawyer is to keep the wheels turning and in the right direction. It isn’t their job to redraft reams of contracts—they have to focus on the most important areas of risk, be it contracts, compliance or governance.”
“Outside counsel need to provide advice that is short and to the point, and focuses on the things that matter commercially, to aid in-house lawyers. They don’t need eight-page letters made up of mostly irrelevant information and caveats—they just need good advice.”
Haddleton adds: “It’s all about transparent costs and absolute efficiency. Take contract management systems as an example: we advise in-house lawyers how to use them and the benefits. Which other law firm advises you to do that? Those systems are a great efficiency for in-house lawyers, who have lots of documents and contracts to manage. An ordinary law firm won’t advise them to get a contract management system, but I do, because I’ve been through the process of choosing one and implementing it and know the benefits.”
The European regulation in the room
The General Data Protection Regulation (GDPR) was a particular issue for Haddleton who was responsible for its implementation while in-house at Clinigen, whose pharmaceutical and healthcare businesses manage swathes of sensitive personal data. Set to come into force on 25 May 2018, GDPR marks a significant tightening of data protection compliance regulation, according to London law firm Collyer Bristow. The regulation harmonises data protection rules across the EU and applies to all organisations collecting personal data.
But, according to Collyer Bristow’s October 2017 survey of 460 senior decision makers at British businesses, 55% of UK small businesses (those with fewer than 250 employees) are still not familiar with GDPR despite its introduction being now less than six months away. Haddleton, who led the legal implementation of GDPR at Clinigen thinks that the potential enormity of the GDPR project within their own organisations is putting people off.
He says: “The advice we’re giving is to treat GDPR like any other risk management project. Clients need to examine where they are now, the data they hold and how they hold it, and then look to improve their processes and systems, but on a risk-based approach.”
“GDPR needs to be a done in a prioritised way. It isn’t about being absolutely perfect by 25 May 2018, it’s about doing as much as possible to be ready. They need to expect that they’re going to be dealing with this for a long time to come, so it’s an ongoing project focusing on getting better, improving culture and making sure that those systems work for the new laws.”
Collyer Bristow’s research also found that 18% of businesses would be at risk of going insolvent if they were forced to pay the new, higher maximum fines allowable. Organisations that breach GDPR will be subject to fines of up to €20 million or 4% of worldwide turnover, whichever is higher. Previously, fines were set at a maximum of £500,000.
Haddleton says: “The situation is similar to when competition fines went up to huge sums. Businesses began to sit up and take notice. Those large fines are incentive enough to push people on and make them get over that initial fear of how much work there is to do and get on with it.”
It’s not just businesses that will be worried by the enormous fines, however. A case late last year resulted in a charity worker being fined for sending spreadsheets with sensitive personal data to his personal email address without the knowledge of his employer.
The personal data included full names, dates of birth, telephone numbers and medical information. The defendant admitted unlawfully obtaining personal data in breach of Section 55 of the Data Protection Act of 1998. He was given a conditional discharge for two years and was also ordered to pay prosecution costs of £1,845.25, as well as a victim surcharge of £15.
Haddleton says: “These prospective fines are really encouraging businesses to get over the initial work involved, but these regulations are also affecting individuals. I think systems, processes and procedures will be audited and sensibly managed, but it will be the actions on the edges, such as employees sending work home to themselves, which will catch people out—and that requires a significant change in culture.”
Haddleton Legal has a set up a group, under Chatham House rules, for interested in-house legal parties to share their knowledge and experience of GDPR, allowing each participant to develop better systems in-house as a result.
Haddleton says: “We are also helping people with resources for their in-house legal teams by offering a managed legal service, so that former in-house lawyers can come in short-term to cover or to help with particular projects, which is a benefit to the client because they don’t have to teach them what it’s like to work in-house all over again.”
“We also offer a training portal that allows legal teams to train staff on the likes of GDPR, as well as anti-bribery and crisis management. The whole system is automated, so it chases users up and certifies when the training has been completed. It takes some of the weight off in-house legal teams.”
While GDPR looms ever closer, Brexit overshadows it larger still. With the UK incorporating most EU laws and regulations into national law at its point of exit in 2019, GDPR and its many, immediately binding, brother and sister regulations will have to be adhered to, no matter what.
This, however, should be seen as an opportunity, according to Haddleton.
He says: “One of the things that we’re advising on when it comes to GDPR is on contractual data protection clauses. But if you’re investing in cleansing data and contracts for GDPR purposes, make use of the investment to to look at other clauses, such as those covering jurisdiction. If the UK is coming out the EU and there are clauses that affect the EU, we can use this opportunity to change these clauses now.”
“More generally, Brexit is a question of keeping your eyes and ears open, and not making bold business planning assumptions that EU laws simply won’t apply (as GDPR has shown). For all the talk of mad EU laws on bent cucumbers—which was a myth—many of the laws improved quality and ease of trade (for example the safety of goods coming into the EU) so I expect much of EU law won’t be deserting us, and will simply be transposed and enforced here.”
This article originally appeared in issue 150 of Leeds & Yorkshire Lawyer