Personal Finance. Money. Investing.

A well-written lawyer business plan usually provides comprehensive information on achieving the desired goals and the type of services the firm will offer customers. However, writing this document can be quite challenging and overwhelming for any new attorney just starting with law practice or considering opening up a new law firm.

Important Things To Follow When You Make A Law Firm Business Plan

1. The Law Firm’s Mission And Vision

In the middle of an uncertain future, a lawyer should have a positive attitude and an individual passion for serving justice. Otherwise, it will affect their work performance.

A law firm should beneficially serve the people while driving the business toward success. Therefore, the purpose of law firms is to help society, provide justice, and maintain peace through the rigorous pursuit of excellence. Having a clear mission statement, vision, goals, and values will help the law firm stay grounded and thrive.

Law firms can succeed with their goals and purposes if they motivate all members to work together to develop beneficial services for all parties involved.

2. Establishing KPIs

A law firm will be successful if it can achieve its goals. So, a lawyer should be able to identify their key performance indicators and describe the means of achieving them. The set goals are not the only aspect that should be considered, though. The other important point is how you will keep track of your performance to measure your progress.

It's also essential that the performance indicators in your business plan are measurable and specific, so it would be effective for any member of the board or firm who will read this document. In addition, detailing objectives and goals can give an idea about what kind of information, technologies, human resources, budget, partnerships, and strategies you need to achieve your goals, satisfy your clients, and grow your business.

3. Creating A Timeline

When you write a business plan, it won't be easy to figure out what will happen in the future. Therefore, writing down timelines is an essential part of every business plan. It will help you track what is planned for the future and know when each task needs to be specified and completed first. If you don't do this well, it will create confusion once your business starts up or contracts are signed with clients. Therefore, timelines are very helpful so that you can track how long it takes to complete each task or project.

4. Continuous Improvement

A lawyer should always be willing to learn and advance with the law and society. As a business person, you must keep learning as much as possible to apply new technology and industry changes effectively. If you don't stay up-to-date on the latest trends, new laws, and upcoming court decisions, it will be difficult for your business plan to do well. A business plan needs constant improvement for it to be executed properly, so don’t forget to include continuing legal education for you and your team, its budget, timeline, objectives, resources, and measurements. 

5. Focus On Adaptability

How you write your business plan will depend on what type of law firm you will become. For your business plan to become successful in practice and maintain relevance over time, it needs to change to adapt to your current needs and values. You should not only update your existing plans with new information and data but also make sure they are appropriate for the current times. 

"Success is not a matter of chance; it is a matter of choice," once said Vince Lombardi. However, all successful businesses and companies have one thing in common: willingness to work hard and adapt to new variables.

Everybody knows business planning is complex, so it takes time and effort to work out everything correctly and make it flow smoothly. Suppose your business plan turns your law firm into a successful and profitable business. In that case, you must revisit and update it frequently and make the necessary changes for your firm to move forward instead of just stagnating in your comfort zone.

Bottom Line

When you create a good business plan, you will find many benefits from opening up a law firm or writing a legal document for your clients. However, if this is your first business, you should know how to plan to get it up and running.

You will learn to manage sales and marketing, budgeting, customer service, and attracting and retaining talented personnel. You need to learn fast how to work on the positive aspects of running your law practice to gain an advantage over your competitors. A well-written business plan will take you there. 


When the General Data Protection Regulation came into force in May, it affected every company that does business within the European Union and the European Economic Area EEA. Its main purpose is the protection of each individual’s data, but their privacy and compliance obligations have put a significant burden on companies of all sizes and across all sectors.

Similar legislation exists in Turkey, although there are distinct differences. On one notable point, however, they are in harmony: just as not complying with GDPR requirements carries substantial penalties, so does any breach of Turkish provisions. Failure to comply can lead to administrative fines and criminal penalties. As a result, every company that does in Turkey already, or which plans to do so, needs to be aware of how these laws might affect their operations.

Partly in anticipation of GDPR, Turkish Data Protection Law (DPL) was enacted in 2016. Turkey’s supervisory authority, The Personal Data Protection Board (DPB), is still publishing assorted regulations and communiqués relating to it, as well as draft versions of secondary legislation. Under these changes, data controllers who deal with personal data are subject to multiple obligations. In addition, the legislation also applies to ordinary employees, making it significant for every company operating in Turkey.

The grounds for processing under DPL are similar to GDPR - saving that explicit consent is needed when processing sensitive and non-sensitive personal data.

So when comparing DPL with GDPR, what are the differences that impact businesses operating in Turkey? Although it stems from EU Directive 95/46/EC, DPL features several additions and revisions. It does, however, contain almost all of the same fair information practice principles, except that it does not allow for a “compatible purpose” interpretation and any further processing is prohibited. Where the subject gives consent that data may be compiled for a specific purpose, the controller can then use it for another purpose as long as further consent is obtained, or if further processing is needed for legitimate interests.

The grounds for processing under DPL are similar to GDPR - saving that explicit consent is needed when processing sensitive and non-sensitive personal data. Inevitably, this is much more time-consuming. Such a burdensome obligation would initially make it seem that DPL provides a higher level of data protection compared to GDPR, but DPL’s definition of explicit consent also has to be compared to GDPR’s regular consent. ‘Freely given, specific and informed consent ‘ is common to both, while GDPR further requires ‘unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her’.

While DPL consent might appear to be less onerous than GDPR, no DPB enforcement action has yet occurred: interpretation of explicit consent therefore remains uncertain. Under DPL, the processing grounds for sensitive personal data are notably more limited than under GDPR – with the exception of explicit consent, the majority of sensitive personal data can be processed, but only if it is currently permitted under Turkish law. The sole exception is data relating to public health matters.

Controllers have to maintain internal records under GDPR, whereas DPL does not make any general requirement to register with the data protection authorities.

Equally burdensome under DPL is the cross-border transfer of personal data to a third country. As determined by the DPB, the country of destination must have sufficient protection – either that, or parties must commit to provide it. DPL also states that: “In cases where interests of Turkey or the data subject will be seriously harmed, personal data shall only be transferred abroad upon the approval of the Board by obtaining the opinion of relevant public institutions and organisations”. Under this provision, data controllers must decide whether a transfer could cause serious harm, and if it does, they need to obtain DPL approval. However, it is unclear how these interests might be determined.

Controllers have to maintain internal records under GDPR, whereas DPL does not make any general requirement to register with the data protection authorities. Instead it has a hybrid solution: registration and record-keeping requirements. DPL specifies a registration mechanism: data controllers have to register with a dedicated registry. Under a draft DPB regulation, before completing their registration they are required to hand over their Personal Data Processing Inventory and Personal Data Retention and Destruction Policy to the DPB.

For businesses which have to comply with DPL, GDPR, or both, it would be prudent to ensure that they are not duplicating their efforts. The best way to achieve this is by aiming for a flexible compliance model that successfully meets the obligations of the regulatory authorities across multiple jurisdictions.



To hear about GDPR in Portugal, this month we connected with João de Sousa Guimarães, Managing Partner Teixeira & Guimarães (T&G). Based in Proto, and with a branch office in Lisbon, the boutique firm provides financial and corporate legal support to national and global companies.


GDPR came into effect on 25th May – how did the Portuguese Government prepare for the new regulations?

The truth is that until recently, there haven’t been any national regulations in relation to GDPR. The Portuguese Government in fact tried to dismiss the penalties for the public sector’s non-compliance, which was faced with divided opinions, as it meant that private companies are being treated differently. Thus, the Government didn´t get the national parliament’s approval to pass a set of regulations and the issue is still to be discussed.


Are the majority of Portuguese companies compliant with the new regulations now?

No, they are not. The previous EU data protection directive has been in effect over the past 20 years, but Portuguese companies weren’t taking it seriously. Since November 2017, we have noticed the effort that big corporations have been making to be GDPR compliant, but there’s still a long way to go – especially for Portuguese SMEs and the public sector.


What are the key GDPR challenges that Portuguese SMEs are faced with?

I believe that the key challenge they are faced with is the paradigm shift. Up until now, most of the SMEs in Portugal simply haven’t considered data protection as a major issue in today’s world. And I’m not only talking about digital customer relationships – there are so many companies that collect and store customer data in physical form, without having any internal safety policies. Most SMEs don’t fully understand the importance of data protection. They see the implementation of GDPR as something unnecessary that will only cost them money, as opposed to an opportunity to improve their relationships with the company’s stakeholders and clients.

The paradigm is shifting. And even though most SMEs are afraid of the penalties (and so is the Portuguese government itself), things have started to improve.


What is your piece of advice for companies that are not GDPR compliant yet?

I think the most important thing for companies that are not compliant yet is to understand this paradigm shift. They need to find the gaps between their current policies and what GDPR requires.  They then should seek advice on how to become compliant and properly handle their clients’, employees’ and service providers’ personal data.


About Teixeira & Guimarães

T&G has recently started the ESSA (Early Stage Startup Advising) programme, which consists of a number of legal services that entrepreneurs usually need assistance with. This includes things like intellectual property, corporate support and more.

The firm has excellent relationship with several universities, being the first (and only) law firm that has been case studied by an MBA International programme (at Catolica Porto Business School).

By January 2017, T&G was the first law firm in Portugal that had its quality management system certified by SGS ICS, within the scope of Legal Service Provider and Credit Litigation.

T&G is a founder associate of the Portuguese Association for FinTech and InsurTech (AFIP) and has been involved with the Portuguese Youth Entrepreneur Association (ANJE). The firm has provided legal mentoring to the Startup Porto Accelerator as well as to the Portuguese Business Angel Association (APBA).

Teixeira & Guimarães was awarded Boutique Law Firm of the Year 2018 by the Corporate Livewire Innovation & Excellence, as well Litigation Advisory Firm of the Year 2018 by the Finance Monthly Global Awards.



About Finance Monthly

Universal Media logo
Finance Monthly is a comprehensive website tailored for individuals seeking insights into the world of consumer finance and money management. It offers news, commentary, and in-depth analysis on topics crucial to personal financial management and decision-making. Whether you're interested in budgeting, investing, or understanding market trends, Finance Monthly provides valuable information to help you navigate the financial aspects of everyday life.
© 2024 Finance Monthly - All Rights Reserved.
News Illustration

Get our free weekly FM email

Subscribe to Finance Monthly and Get the Latest Finance News, Opinion and Insight Direct to you every week.
chevron-right-circle linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram