The GDPR for English law trusts and estates
The International Family Offices Journal
Vol. 5 - Iss. 2 pp. 31–35
With or without a pandemic, data protection has become ever more regulated, affecting family offices and family trusts, as explained by Emma Haley (United Kingdom).

We live in an increasingly regulated world, and data protection is an area of more extensive compliance since the introduction of the EU's General Data Protection Regulation (GDPR) in May 2018. Family offices across Europe will therefore be familiar with the GDPR as part of their compliance and administration responsibilities, both in running the family office itself and in looking after a family's entities and affairs. Emma examines recent guidance and gives a recap of the basic requirements of the GDPR in the context of non-charitable English law trusts and estates.

The article lists a number of action items that trustees and executors might consider, including: conducting an audit of what data is held and why; who it is shared with; how long it will be kept; arrangements for keeping it secure and up to date; procedures to identify and report breaches as well as complying with subject access requests; reviewing contracts with others to whom the information is disclosed to ensure they too are GDPR-compliant; taking care when sending information to a third party and implementing further checks and safeguards when sending to those outside the EEA; registering with the ICO; developing a policy and complying with the record-keeping requirements of their processing activities, where required; and issuing privacy notices to relevant beneficiaries and other data subjects.

She closes with the warning that failure to comply can result in criminal penalties.