Supporting members of The Society of Will Writers with protecting personal data and meeting GDPR requirements
In the first three months since the GDPR regulations came into place the ICO have reported a 160% increase in data breach reporting. Individuals are becoming more aware of their rights and there is a growing reputational risk of managing personal data incorrectly.
The Society of Will Writers wants to support its members in ensuring they are and remain compliant with this legislation. For this reason, Astrid Data Protection Ltd have a solution for SWW members.
Who are Astrid Data Protection?
Astrid is an online platform designed to help small businesses protect the personal data they hold and meet the requirements of GDPR. They are keen to support sole proprietors and microbusinesses by removing the fear factors of GDPR and providing all the tools and advice to make it as easy as possible to comply – whilst keeping this affordable for even the smallest of businesses.
What are the benefits of working with Astrid?
Astrid breaks down all the activities you need to undertake into practical, manageable steps, and provides you with all the forms and tools needed. There is also a training suite and lots of helpful resources tailored around common concerns of small businesses managing sensitive data.
The Astrid system also provides an encrypted record repository to securely store all your compliance evidence, you will even get a certificate of completion demonstrating your commitment to data protection.
Astrid offers a free trial – you can create a free account to see how Astrid works and access some compliance guidance and documents
Discounted benefits for Society of Will Writers members
As a member of The Society of Will Writers, you can benefit from this service and get a discounted rate until the end of November 2018. To find out more about Astrid please visit the Astrid website with this link. To benefit from this saving straight away, create your free account here.
|No of staff
|Standard Astrid cost per annum||Society of Will Writers members per annum – 20% off till end of Nov 18|
|Sole trader||£ 225 plus VAT||£180 plus VAT|
|2– 4||£ 300 plus VAT||£ 240 plus VAT|
|5 – 10||£ 360 plus VAT||£ 288 plus VAT|
|11 – 25||£ 400 plus VAT||£ 320 plus VAT|
|25 +||£500 plus VAT||£400 plus VAT|
Tailored Advice for Will Writers
Astrid will be sharing some advice in the next few months on key GDPR issues our members face.
Survey finds 4 in 10 will writers not GDPR compliant
In the recent webinar held in conjunction with our GDPR partner Astrid Data Protection, 41% of respondents to a poll said that they had taken some steps to become compliant with the General Data Protection Regulation but were not finished.
Given that will writers handle very sensitive data on behalf of our clients, the consequences of non-compliance could be huge. Indeed, in another poll during the webinar, over 80% of respondents said that the consequence of GDPR that worried them most was a data breach, with 5% saying subject access request and 14% loss of customer confidence.
Whilst the number of respondents to the polls was only a small proportion of the Society’s members, the results do give food for thought. How would you deal with a data breach? Could you respond confidently to a subject access request? What would due diligence on your business’ approach to GDPR show if you were looking to sell? We don’t advise waiting to find out until you really need to know the answers to these questions!
If you would like to check how GDPR compliant you are, you can create a free trial account with Astrid and run their quick compliance check. You can find out in a matter of minutes what parts of GDPR you already have in place and where you need to take action.
If you missed the webinar, you can replay it by visiting Astrid’s website where you will also find their latest blog that addressed more of will writers unanswered questions.
Finally, don’t forget that as a Society of Will Writers member, can claim a 10% discount on an annual subscription with Astrid where you can access all the tools and guidance you need to become and remain compliant with GDPR.
In this series of blogs, Gerrard Fisher of Astrid Data Protection answers common questions that the Society receives about personal data collection, storage and security.
For how long can I hold clients’ personal data?
Data protection law states that you’re only allowed to use personal data for “as long as necessary” when doing your work. This is an important principle in the law but it’s not very helpful when you’re running a business. What does “necessary” mean? Why isn’t there clear information on what the right period is?
The simple answer is that the right duration can be different depending on what you need the information for, and a Europe-wide data protection law can’t list all those reasons.
For will writers, there will be some different reasons for processing personal information so different criteria for how long you keep that information. Even the Information Commissioner’s Office (the UK regulator for data protection) has a wide range of data retention periods for the personal data it holds – from 1 month to 100 years!
You’re likely to keep this for a long time – because you need to make sure the will records are held for a long time after the client’s death to defend legal claims. You can either set a reasonable time from when you first collected the information, or set a criterion for time after the client dies.
Oddly, information is only “personal data” while someone’s alive – so as soon as the client passes away, the information on them doesn’t fall under personal data protection law! Remember that references to beneficiaries and other living people listed in a will are still personal information though.
Employee and other information
You don’t need to keep employee or other information for as long. Usually, most legal reasons for holding personal data will only extend to 6 years. Some information won’t even need to be kept for that long. If you use CCTV for security in your business, that data shouldn’t be kept for longer than 1 month unless it’s required for evidence of a crime. Make sure that you’re clearing out old information that you no longer need.
Whatever duration you set for holding personal data, remember that you will need to guarantee that it’s stored securely for all that time and that there are the right arrangements in place for secure access by authorised people. Your privacy notice must also be clear about the timescales you’ve applied.
The Society of Will Writers offers secure document storage services The Society of Will Writers offer secure document storage services to it’s members through their own dedicated storage facility, The National Will Archive. SWW members can store their clients Wills and other related legal documents here where all documents are checked on arrival, scanned, databased and backed up daily providing both the client and the member absolute peace of mind over their security
For more guidance on protecting personal information in your business, visit www.weareastrid.co.uk and create an account on our App – it has all the help you need to get the right protection in place and prove you’re complying with data protection law.