Data: Do the right thing
A reminder of who’s who under the Data Protection Act 2018
A data subject is any living individual who can be identified directly or indirectly by the information held by an organisation.
This information can include details such as a name, telephone number, email address, address etc. The customers you deal with are data subjects if you have documented their details.
A data controller is the organisation that collects data and determines why and how it is used, while the data processor carries out the ‘how’.
When a customer approaches you to organise a Golden Charter funeral plan, the customer is the data subject, Golden Charter is the data controller and you are the data processor.
Your responsibilities
While funeral directors are data processors for funeral plans, you are a data controller when dealing with at-need funerals, so it is important that both you and your employees understand your responsibilities under the Data Protection Act 2018. These responsibilities include:
- Ensuring personal data is secure i.e. kept in a locked cupboard or password protected when stored electronically
- Being transparent with customers, allowing them to understand what personal data your business is processing and how this is handled; this is commonly documented in a Privacy Policy
- Understanding why personal data is being processed and only using it for the purpose intended
- Only capturing relevant personal data from customers to provide the services agreed
- Ensuring personal data is accurate by updating customer records when asked to do so
- Only storing personal data for as long as required
- Understanding and having processes that relate to a customer’s rights e.g. right of access where you must provide copies of all details held to the customer
When a Golden Charter funeral plan customer wishes to exercise any of their rights under the Data Protection Act 2018, you should make us aware within two days to allow us to respond to the customer request.
How to handle a data breach
A data breach is where someone who doesn’t need or have authority has accessed (or possibly has access to) a customer’s personal data. It is important to remember that a data breach can be identified from the moment you become aware of the issue and does not need to be a complaint from a customer. Examples of data breaches include:
- Posting paperwork containing customers’ personal data to an incorrect address
- Customers’ paperwork being left out overnight and an individual having access to the premises overnight
- A password-protected computer being left unlocked and a third party viewing customers’ personal data on the screen
You must ensure you have a process for dealing with data breaches in your business as data controllers must alert the Information Commissioner’s Office (ICO) to breaches which may pose a risk to customers’ rights or freedoms.
If you become aware of a data breach relating to a Golden Charter funeral plan customer, you must make us aware within two days by email or by calling our Business Compliance team on 0141 931 6380.
How we can help
We can offer your business support with data protection to ensure you fully comply with the requirements of the Data Protection Act 2018. There are a number of documents relating to data protection on the portal or, alternatively, speak to your regional account manager or contact our Business Compliance team by email.
Tags: compliance, data, data protection, GDPR, Golden Charter, legislation, Louise Love, partnership, regulation, risk, support