GDPR represents a tightening up of the obligations owed by trustees and an extension of some of the obligations to those supplying services to trustees, such as solicitors and accountants. It will come into force on 25 May 2018.
GDPR is designed to ensure that personal data is processed in a way to protect the rights of individuals and trustees will owe this duty to beneficiaries.
Trustees will become data controllers who will determine the purpose and means of processing personal data and will apply to both professional and lay trustees.
Beneficiaries have the right to ask the trustees whether or not they are holding their personal data and are also entitled to know the data being held. Although not a complete list, they are also entitled to know: why the information is held; to whom it may be shared with and how long it will be held for.
Where trustees hold personal data for beneficiaries, a privacy notice should be provided to the beneficiary. Included in the privacy notice should be: contact details for the trustees; the source of where the information was obtained (such as the trust deed or settlor); the beneficiaries’ rights; why the information is required and who it will be shared with. Full details can be found in Article 14 of the GDPR.
It is very unlikely that trustees’ current arrangements are GDPR compliant and they should, therefore, start preparing for GDPR now, although the regulatory guidance is not yet finalised.
Trustees should review their current arrangements, the data they hold and start to put in place new processes, systems and documents.
Trustees could start by: deciding who will deal with the GDPR compliance and who will be the main point of contact; conducting an audit of any personal data held; update any existing data protection policies and put in place a procedure to identify and record if there is a breach of personal data.
This article touches very lightly on the implications of GDPR for trustees and trustees should review their obligations further.
If you need any assistance regarding a matter like this, then please do not hesitate to contact our team of wealth management solicitors.
