Even law firms violate the GDPR

You must do your due diligence. Just because you engage a reputable business, does not mean that they know what they are doing.

For example, a Danish law firm was recently fined by the Danish Data Protection Authority for lacking basic security measures, which eventually led to a data breach (link).

Image from Wix.