News

About PWJ Solicitors

We have served generations of individuals and local businesses, providing comprehensive legal advice.

The Law Society - Conveyancing

23

Oct

2018

GDPR for Personal Representatives

As a result of the new General Data Protection Regulations (GDPR) personal representatives and trustees acting in relation to the Will of a deceased person are subject to the requirements and penalties of this Act and are considered as potential Data Controllers and Processors for this purpose.  If we, as solicitors,  are assisting with the administration, then the firm becomes joint Data Controllers alongside the personal representatives.  If we, as solicitors,  are acting as professional personal representatives then the residuary beneficiaries effectively act as clients and the firm acts as Data Processors.

The beneficiaries of the Will of the estate of the deceased are considered to be Data Subjects, and the Data Processors and Controllers owe duties to these beneficiaries under the Act where such beneficiaries are natural persons, not companies or charities.

The Regulation requires Data Controllers to give data subjects information (‘Privacy Notices’).  These must include:

– contact details of the Data Controller,

– the purposes for which the data will be processed,

– the grounds on which the data is held,

– the source of the data where it is required from a third party,

– the period for which the data will be held,

– the right to complain to the ICO, and

– the rights of the data subject to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to processing as well as the right to data portability.

The key Data Protection principles from Article 5.1 are incorporated into this list of obligations, as are the rights of data subjects in Articles 12 to 23.  Personal Representatives need to be fully informed of their obligations under the Act and ensure that they follow its requirements strictly.

A person holding personal data must have a legal ground for doing so.  Because the data would normally be supplied to personal representatives, trustees and professional advisors (at least initially) by the Testator, consent of the Data Subject will not normally be available as a ground.  The ground under which we would be acting as solicitors is ‘processing…necessary for compliance with the legal obligation to which the Controller is subject.’  Personal representatives, trustees and advisors need to hold personal data to carry out their legal obligations.  Please be aware that there are special regulations in relation to special category data, including details about race, ethnic origin, politics, religion, trade union membership, etc.  This is prohibited under Article 9 of the regulation unless certain conditions apply.  An example of when a Personal Representative of Trustee may hold such information would be a disabled Trust or a vulnerable Beneficiary.

If you have any further questions about your obligations as a personal representative in relation to the Data Protection Act then please do not hesitate to contact us directly.

For information relation to our Data Protection policy, please see the specific section of our website.

 

 

 

Our Locations

Our office locations