Help with data protection

words: Alison Wilson

Over the coming months, you may well see the letters ‘GDPR’ appearing in the news as we move towards the May 2018 deadline for its implementation.

What does GDPR mean? It is the General Data Protection Regulations approved by the European Union on 25 May 2016 and coming into force on 25 May 2018, replacing the EU Directive on which the UK’s Data Protection Act 1998 is based.

Regardless of the detailed outcome of Brexit, the guidance from the Information Commissioner’s Office (ICO) is that the UK should be aiming to adhere to the terms of GDPR.

The regulations introduce more stringent and prescriptive data protection compliance challenges for organisations. Non-compliance with GDPR can result in fines of up to 4% of global annual revenue or €20 million.


GDPR retains the core rules and principles of the Data Protection Directive, enshrined in UK law by the Data Protection Act 1998 (DPA), regulating the processing of personal data.

The existing rights of individuals to access their own personal data, to object to direct marketing and to rectify inaccurate data are all contained in the GDPR.


Consent: in order to continue to market to at-need families and previous pre-need enquirers, funeral directors will need to ensure there is a compliant ‘explicit opt-in’ in place for each customer. Funeral directors will need to obtain the explicit opt-in consent of the individuals in order to contact the families at a later date to market further services. Golden Charter will be able to provide compliant consent statements for use by funeral directors on their marketing literature.

Data Processors: the new law increases the responsibility of Data Processors (currently the position of funeral directors) so that being a Data Processor is no longer a comparatively easy ride from a compliance perspective to that of the Data Controller. For funeral directors, this means that they must be aware of and comply with the GDPR’s provisions for Data Controllers. For Golden Charter, it is necessary the company can demonstrate that funeral directors are aware of their obligations regarding planholders’ data.

A presentation of GDPR requirements was presented to the SAIFCharter Executive in June 2017, which highlighted the opt-in issues and the responsibilities and liabilities for funeral directors in handling customer data in general and that of Golden Charter plan holders in particular.

It will remain the responsibility of each funeral director to ensure they are compliant with the requirements of GDPR.

Golden Charter will be undertaking a programme of awareness training, education and assistance for funeral directors including:

• GDPR ’masterclasses’ for funeral directors supported by SAIFCharter
• Compliant opt-in statements for use by funeral directors in their marketing literature to enable access to their at-need databases
• Enhanced funeral director terms and conditions, including new GDPR provisions that all funeral directors agree to adhere to in selling or accepting Golden Charter funeral plans
• GDPR specific information to be included in the funeral director guidelines
• GDPR training for Regional Sales Managers to ensure they are delivering a consistent message in the field.

Tags: , , , , , , , , , , , , ,