Countdown to data deadline
Big changes in the law are coming which will impose new and stringent privacy and personal data rules on business – and they affect the funeral profession as much as anyone else.
The General Data Protection Regulation (GDPR) has been implemented by the European Union and takes effect from 25 May. The UK Government made it clear that it expects all businesses and organisations to show that they are working to conform.
At SAIF, we’ve collaborated with Golden Charter in producing GDPR resources for all our members. We will continue to provide input at Regional Meetings, webinars and here in SAIFInsight.
Golden Charter has a series of masterclasses – please do attend these in your region if you can.
Our resources cover templates and policies, as well as a consent template which may be included in your funeral arrangement form. These templates can be found on the secure members’ area of the SAIF website.
Should your firm use a different funeral planning company, then we recommend you contact it about its guidelines in respect of data processing within the terms and conditions of your contract.
Here are some of the tools we can offer:
GDPR jargon buster
An ABC explaining terms like data controller – those responsible for how information is collected and used – and data processor. The latter includes third-party agencies such as celebrant, minister, crematorium and funeral director.
GDPR accountability checklist
A handy checklist for your firm to work through to ensure you have prepared your business for compliance.
GDPR consent form
The new data regulations are in place to protect personal data information – in other words, the right to privacy. This marketing consent template has been designed to be used during the first client meeting where funeral arrangements are discussed, whether at-need or pre-need.
You might wish to add tick boxes of services that your firm offers or remove those you don’t provide, such as stonemasonry.
GDPR customer rights document
From 25 May onwards the customer can request to know the information you hold about them and the secure measures you use to keep it safe – for example, if the files are in a fireproof locked cabinet. If a client does make this request, you need to respond within one calendar month.
This is a document your client may ask for during your appointments and can be referred to on your website and in your terms and conditions.
The template we have developed is a sample and so needs to match the individual practices and procedures you have implemented or intend to.
GDPR retention policy document and template
This sets out for your clients who in the business is responsible for data protection, how data is kept, for how long and the way in which information is disposed of securely. Again, the template will need to be edited to reflect how your firm chooses to retain and discard information.
GDPR data processing policy with third parties document and template
This relates to at–need in respect of celebrants, ministers, crematoria and other parties where the personal data of your client is shared, along with how those sharing it will handle that data. Please note the template must be fit for purpose and reflect the arrangement you set in place with third party agents.
At pre-need, Golden Charter is the data controller and the funeral director is the data processor. Therefore, your funeral plan company will have a data processing agreement with your firm.
Data breach notification procedure template
Please read the Information Commissioner’s Office (ICO) guidelines if a breach occurs. For instance, if a paper file containing personal data was lost, then a report has to be filed with the ICO within two business days.
The notification procedure sets out who and how breaches will be dealt with at your firm.
Again, please edit the document to reflect the procedures your firm puts in place and the person responsible.
Donor data and next of kin and charities guidelines
In brief, depending on which donation management process you use, whether a third party or your own programme, the charity may write direct to the next of kin with an acknowledgment of thanks and sums raised. Or, if the funeral director wishes to record the data and pass to the next of kin, insert a tick box for charity donation acknowledgement in the consent template on the arrangement form.
On the SAIF website members’ area we have added extended information documents on the policy papers. These are the longer version of the one-page documents.
SAIF will issue further guidance as the ICO clarifies its position on certain matters and issues further directives.
If you have any questions, please contact the SAIF Business Centre on 0345 230 6777 or email.
In addition, the ICO has a dedicated online resource on GDPR along with a helpline on 0303 123 1113.Tags: data, EU, Europe, GDPR, ICO, law, legislation, processing, protection, regulation, SAIF, storing