← Back to blog
    Compliance

    Exchanging divorce files securely: prevent GDPR claims

    Special personal data in divorce files, four real-world incidents, five best practices and the notification duty under article 33 GDPR.

    TransferGuard redactieJuridisch & Compliance8 min

    Divorce files are among the most GDPR-sensitive documents a law firm handles. Financial positions, medical data, children: a data breach in this type of file almost automatically leads to serious reputational and damage-claim risks.

    Why divorce cases pose a high GDPR risk

    An average divorce file contains more categories of special and sensitive personal data than almost any other type of file. Income data of both parties, bank transactions, business records, property valuations, medical statements about psychological suitability for co-parenting, educational reports about the children: all in one file.

    The sensitivity of the relationship between the parties increases the risk further. Unintended sending to the opposing party instead of one's own client can in this context lead directly to complaints, disciplinary actions and damage claims. The GDPR risk classification in these files is without exception "high".

    Special categories of personal data

    Article 9 GDPR prohibits the processing of special personal data, with a number of exceptions, including processing for legal claims (article 9(2)(f)). The exception permits processing, but leaves the obligation to provide appropriate security fully in place. Categories that occur frequently in divorce files:

    • Health data (psychiatric reports, addiction care, medical statements about injury or incapacity for work).
    • Data on sexual behaviour or sexual orientation (rarely, but it does occur in specific disputes).
    • Criminal data (previous convictions, ongoing investigations).
    • Data of children (article 8 GDPR grants children additional protection).

    Four incidents from practice

    The cases below are composed from publicly known patterns in enforcement decisions and disciplinary rulings, anonymised and plausible but not traceable one-to-one to a specific case. Each case illustrates a type of mistake that was preventable with better processes.

    Case 1: Wrong addressee

    A lawyer sent a complete financial file by email with an additional email attachment. Through autocomplete the mail client selected the opposing party's email address instead of the lawyer's own client. The file was opened within three minutes and shortly afterwards circulated within a family circle. The fine from the Dutch Data Protection Authority (AP) was in the highest band.

    Case 2: Forwarded transfer link

    The firm sent a draft settlement agreement via a consumer transfer service without identity verification. The client forwarded the link to her mother for "a second opinion", who in turn shared the link in a group chat. The file thus ended up with the opposing party.

    Case 3: Retention period too long

    A closed file was still accessible after eleven years on a consumer share platform that the firm had used "temporarily" during an earlier IT migration. Through a data breach at the provider the file fell into the hands of a third party. The GDPR obligation to destroy data after the retention period expires had not been observed.

    Case 4: No identity verification at signing

    The draft divorce deed was sent for initialling without authentication. A family member of one of the parties signed under a false capacity. The resulting legal complications continued to have an effect for years.

    How TransferGuard prevents each of these incidents

    The four cases above share one root cause: the transfer channel trusted the link or the email address, not the person. TransferGuard reverses that.

    • Wrong addressee (case 1). The file only opens after the recipient is verified. With Verified Identity, TransferGuard even checks that the name on the ID document matches the name you entered. The opposing party who accidentally receives the email does not get past that check.
    • Forwarded link (case 2). A TransferGuard link is worthless without verification. The mother or the group chat can click all they want: without the addressee's email code, SMS number or ID document, the file stays encrypted and closed.
    • Retention period too long (case 3). Every transfer gets an expiry date (7, 14 or 30 days) and is deleted automatically afterwards. "Forgot to clean up" no longer exists.
    • False signature (case 4). When signing via TransferGuard with ID verification, the verified name of the signatory appears on the certificate. A family member signing under a false identity is exposed immediately.

    Five best practices for divorce files

    The best practices below form a minimum for firms that regularly work with divorce files. They are measures that prevent incidents such as those above in almost all cases.

    • Strictly one transfer channel for client files. One certified platform; no ordinary email, no WeTransfer, no Dropbox link.
    • Identity verification on by default. For every document that goes to a client or opposing party: SMS-OTP as a minimum, biometric for sensitive passages.
    • Shorten the retention period at platform level. Set transfers to an expiry date that fits the nature of the document, not "unlimited".
    • No autocomplete for sensitive transfers. Require the addressee to be selected manually from the file system.
    • Archive audit reports with the file. A standard part of the closing protocol for every case, preferably provided with an independent verified timestamp from an external timestamp authority, so that the date and time are recorded independently.

    Data breach: the notification duty under pressure

    If a breach does occur after all, article 33 GDPR applies: notification within 72 hours to the Dutch Data Protection Authority (AP), unless the breach is "unlikely to result in a risk". In divorce cases that exception is almost never applicable. The sensitivity of the data and the relationship between the parties mean that almost every breach will be assessed as risky. Additional notification to the data subjects themselves (article 34) will in practice almost always be required as well.

    A verifiable audit trail (about which we write more in Burden of proof in digital case files ) is decisive in data-breach investigation: it proves exactly what was and was not affected, so that the scope of a breach is objectively and defensibly delineated.

    Conclusion

    Divorce files deserve the highest classification within a law firm's GDPR policy. TransferGuard combines identity verification, automatic expiry periods, EU storage (Frankfurt) and long-retainable certificates in a single platform, reducing the breach risk to a fraction of what common consumer tools allow. The difference between a file closed without problems and a disciplinary complaint almost always lies in the chosen transfer procedure.

    Read also our article on the GDPR requirements for file transfer or view the Certified Delivery features.

    Ready to send certified?

    Certified Delivery from €49/mo excl. VAT. Verified Identity from €79/mo. Cancel monthly.

    Get started

    Read next