Making wills accessible in the future and meeting GDPR requirements
Will writers have quite a unique role in handling people’s information – they must make sure that a vital document is stored correctly and accessible at some point in the future but don’t know when that will be.
Data protection law requires you to keep information confidential, up to date and accessible. This means being able to get it out of archives quickly when it’s needed.
Raiders of the Lost Archive – a real story!
At Astrid we recently heard of an instance where a family needed to recover a will from a law firm - this company used a formal archive storage system so retrieval should have been straightforward. The will was written 18 years ago, so was presumed to be in the archive.
When their will file was recovered from the archive, they found it didn’t contain the latest version of the will. Losing this vital document meant that the executors couldn’t apply for probate as planned or execute the will to release assets for the widow and beneficiaries.
Second time around the solicitor recovered all the client’s files from the archive. This also didn’t contain the will. Finally, the solicitor found the original will in a filing cabinet in the office. The solicitor wasted many hours searching for a document that should have been found in a few minutes. The cost of poor data handling isn’t just about fines – it’s about saving money by running your business efficiently too.
What are the implications under GDPR?
This was a data breach – or at the least a very near miss. The company failed to store the information properly and couldn’t recover it through its normal procedures.
Fortunately, the company managed to find the will in its office within 30 days of the request being made. After 30 days, the client would have been able to lodge a formal complaint with the ICO and it’s likely that an ICO investigation would follow.
If the will had never been found, the company would have been liable for all losses that occurred as a result of the breach and the costs of putting that right. There’s no legal precedent yet under GDPR but if someone was disinherited because the original will couldn’t be found it’s possible the company would be liable for that too.
What does this mean for will writers?
When archiving wills, you must ensure that you know exactly where it’s being stored and how it will be kept secure and safe from harm. You must also know how quickly it can be accessed when it must be recovered (whether that’s to be annulled or executed). This must be possible at the right time in the future – so you must plan for this being after you no longer run the business.
Data protection law makes the company liable for all costs of putting the problem right. You won’t want legal claims from people claiming to be disinherited of an estate so it’s sensible to have back-up certified copies of documents and make sure the affidavit route for those copies is possible.
Got any questions about GDPR? Join our GDPR webinar for will writers with the Society of Will Writers.
Protect your business - become and remain GDPR compliant with Astrid