Digitize client intake — for law firms and consulting

Client intake in a law firm or tax consultancy touches particularly sensitive data from the start. Personal information such as date of birth, marital status, employment situation or financial circumstances fall under the GDPR; in criminal cases, family law or social law, health or criminal data under Art. 9 and 10 GDPR are often added. You may only collect these fields if there is an express, documented legal basis — usually professional confidentiality combined with the express consent of the client.

Build the form so that each sensitive section is clearly marked as such. A short note before the block — "The following information is particularly sensitive and is subject to our professional confidentiality obligation" — creates trust. Host the form exclusively on your own domain with TLS encryption and ensure the data is processed in Europe. Avoid US tracking pixels on client forms — the risk assessment for a law firm practically always falls against third-country tools.

A core element of client intake is the power of attorney. Without it, the lawyer or tax advisor cannot act on behalf of the client towards authorities, courts or contractual partners. In the digital form, you map this in two steps: first the description of the mandate scope in plain language, then the express granting of authority with its own checkbox. Link the detailed authorization document as a PDF for download and reading before confirmation.

Some mandates require a written original authorization — for example real estate transactions or living wills. Here the form serves as preparation: it collects the data, generates the authorization as a PDF for printing and asks the client to submit the original by post or to sign it at an appointment. With conditional logic you only show these notes for the affected mandate types. For most standard cases the digital confirmation is sufficient — you should in any case align with your own professional rules and if necessary the client where a qualified electronic signature via an external provider is required.

Clients often bring extensive documents — contracts, notices, correspondence. Instead of accepting these as email attachments, you should enable the upload directly in the form. This avoids unencrypted email transmission and collects all documents in one place. Define allowed file formats per upload field and a limit per file and overall — typical are PDF, JPG and PNG with 25 MB per file.

Server-side virus scanners are mandatory. Store the uploaded files encrypted and ensure that only the responsible case manager has access. Assign meaningful file names with client ID and date so that later assignment in the file remains easy. If you use a DMS or law firm software, a webhook connection is suitable: after completion of the client intake, the documents end up automatically in the correct file folder. If the software has no native interface, a webhook receiver can control the transfer manually or via script — do not build a native integration that does not exist.

Client intake is only efficient if the data also ends up where the work happens — in the client file and the calendar. After completion of the form, trigger a series of actions via webhook: creation of the file in the DMS, assignment to the appropriate case manager, entry in the deadline calendar and confirmation email to the client with the next steps. This avoids manual transfer errors.

Do not forget internal obligations. With tax consultancies, client identification under the Money Laundering Act is mandatory — the form should query the necessary fields for this or at least schedule an appointment for identification. With lawyers, conflict checking belongs before the first consultation. Build these steps into the workflow: after receipt of the inquiry, automatically send a conflict check checklist to the lawyer before the client is confirmed. This way the digital form does not become a legal risk but a clean onboarding process.