We’re five months on from the implementation of GDPR (General Data Protection Regulation) and many people have been asking what effect the new data protection rules have had for those acting as Executors and Trustees, and is there anything they should be doing going forward?
The effects of GDPR for Trustees and Executors:
As part of the role of Executor and Trustee you will inevitably be gathering together details of beneficiaries, including their names and addresses etc. which are forms of personal data. As such, executors (also known as personal representatives) and trustees will be deemed to be data controllers under the definitions of the GDPR. Any person holding personal data must have a legal ground for this. Typically, the most relevant ground for trustees and executors in such a position will be that it is necessary to hold the data in order to comply with a legal obligation.
Trustees may also hold what is called special category data, which includes matters such as religious beliefs, health data or sexual orientation. Where this type of data is concerned, processing of it is prohibited unless certain criteria are met, the most likely criteria for Trustees being explicit consent, necessity to protect the vital interests of the person, or public interest.
What should you do to ensure you comply with the law?
Whilst there should be no issue in satisfying the necessary grounds for holding the data, Trustees and Executors do have a duty to make sure that any data they hold is held securely.
In some scenarios those in the role should also be sending privacy notices to beneficiaries, although the requirement of confidentiality to the initial settlor may affect this duty.
Data protection is a complex area of law with many pitfalls to avoid so it’s vital to take legal advice before acting if you’re unsure of your duties and responsibilities.
For more information on GDPR for Trustees and Executors or guidance on your role, please contact Sarah Pull in our Wills, Trusts and Probate team on 0161 475 7689.