GDPR - Estates and Trusts

I would be interested to hear any views forum members have on the effect of GDPR in the context of beneficiaries of estates and trusts. Given that we quite often hold proof of their ID and bank details, do forum members think that beneficiaries should receive an up to date “privacy notice”?

With estates where the Partners in the firm are appointed as the only Executors, I have always taken the view that the residuary beneficiaries are entitled to receive a copy of the client care letter and terms of business. It would seem a nonsense to send a privacy notice to the Partners in the firm acting. Should this therefore be sent to the residuary beneficiaries?

And then there are trust beneficiaries…

Justin Wallace
Brewer Harding & Rowe

Widening up this thread I wonder what effect
GDPR will have on solicitors/accountants etc in arranging for Wills and Settlement Deeds to be prepared for their clients.

In a lot of cases they will be provided by their client with details of non client beneficiaries & potential beneficiaries who will not be aware
that their information has been supplied to the solicitors/accountants.

Andrew M Mortimer

We put this exact question to the ICO and, after some deliberating, they confirmed that we do not have to contact beneficiaries when the Will is written (which seems the logical answer) and only at the time when the estate is administered and the Will comes into effect.
I would agree that beneficiaries should then receive a ‘GDPR compliant’ privacy notice to advise them how we will then process and store their data.

Helen Hill
The Planning Crowd


I have just been informed by a client that he has registered their Trust with the ICO…It hadn’t occured to me that there might be a requirement to do this. I appreciate Helen’s note about Estates, but Trusts have ongoing issues but I can’t think that they need to be registered?

Any thoughts?

Lucy Orrow
Lambert Chapman LLP

I don’t think Trusts need to be registered with the ICO but it would seem to follow from Helen’s comments, that we will need to be sending out GDPR Privacy notices to all beneficiaries for whom we hold personal data. This is going to be an onerous task for some. I have taken the view that this will only extend to current beneficiaries and not “potential beneficiaries” under the term of a Discretionary Trust.

Justin Wallace
Brewer Harding & Rowe

I believe that if you can justify holding data, in this case so you can pay the beneficiaries, there is no problem. One could argue it was also necessary for the conduct of a contract. If you continued to hold data after the state had been distributed the justification is the need to keep files for six years post death?

Iain Cameron
Acer Legal

We are really very lucky to have a team of data protection experts at the firm. They have been working flat out in the run up to GDPR so really appreciated me sending them a copy of the STEP article last week and asking them if it was correct! This is the article in which Helen Hill’s exchange with the ICO is reproduced.

I said that it seemed to me that when the testator died, their executor would become the data controller not the law firm holding the Will in store. My colleague agrees and can’t see how the role would suddenly attach to the firm simply because the testator dies and, as such, the firm itself would not have any obligation to provide a privacy notice. My colleague notes that the article confuses the right of access (Article 15) with the right to be informed (Articles 13 and 14) so do consider how much reliance you wish to place upon it.

Stuart Adams
Mishcon de Reya LLP

1 Like