Second time around the solicitor recovered all the client’s files from the archive. This also didn’t contain the will. Finally, the solicitor found the original will in a filing cabinet in the office. The solicitor wasted many hours searching for a document that should have been found in a few minutes. The cost of poor data handling isn’t just about fines – it’s about saving money by running your business efficiently too.
What are the implications under GDPR?
This was a data breach – or at the least a very near miss. The company failed to store the information properly and couldn’t recover it through its normal procedures.
Fortunately, the company managed to find the will in its office within 30 days of the request being made. After 30 days, the client would have been able to lodge a formal complaint with the ICO and it’s likely that an ICO investigation would follow.
If the will had never been found, the company would have been liable for all losses that occurred as a result of the breach and the costs of putting that right. There’s no legal precedent yet under GDPR but if someone was disinherited because the original will couldn’t be found it’s possible the company would be liable for that too.
What does this mean for will writers?
When archiving wills, you must ensure that you know exactly where it’s being stored and how it will be kept secure and safe from harm. You must also know how quickly it can be accessed when it must be recovered (whether that’s to be annulled or executed). This must be possible at the right time in the future – so you must plan for this being after you no longer run the business.
Data protection law makes the company liable for all costs of putting the problem right. You won’t want legal claims from people claiming to be disinherited of an estate so it’s sensible to have back-up certified copies of documents and make sure the affidavit route for those copies is possible.
Got any questions about GDPR? Join
our GDPR webinar for will writers with the Society of Will Writers.