Data privacy and GDPR

The General Data Protection Regulation (GDPR), widely regarded as the biggest shake up of data protection law in 20 years, comes into force on 25 May 2018 and will give individuals greater control over the way in which their personal data is processed. Every organisation will need to review their data privacy policies and procedures and are likely to need to make significant changes before it comes into effect. 

How could this impact you or your HNWI clients?

The data of high net worth individuals (HNWI) is a valuable commodity and those individuals should ensure they limit the amount and nature of the data they disclose, particularly sensitive personal data. However, the GDPR will enhance individuals’ data protection rights and introduce an increased obligation for businesses to be open and transparent in how they use personal data.

Under the new Regulation individuals will have the right to force the correction or erasure of personal data without undue delay and withdraw their consent to it being processed at any time. All organisations will be required to review how they obtain consent and individuals will be entitled to receive far more information before deciding whether to give consent than under current laws.

The GDPR will give individuals more power to challenge businesses and official bodies they suspect may not be handling data lawfully. Under the current UK Data Protection Act, an individual has the right to serve a ‘data subject access request’ (DSAR) to find out what personal data a controller holds against them. Under the GDPR, DSARs will have to be responded to more swiftly and include a greater level of detail. This is a useful tool for any high net worth individual with concerns about an entity which holds information on them. Family Offices, professional advisers and other intermediaries which deal with the affairs of HNWIs could also receive a DSAR and should have procedures in place to respond to it. They should also scrutinise their service providers to ensure they have an adequate GDPR compliance programme established to protect their clients’ data. Please click here for our handy guide, GDPR – Top 10 data protection issues for professional advisers.

How we can help

Our dedicated Data privacy team has extensive experience in this area having provided data protection advice and acted in claims since the introduction of the Data Protection Act (1998), we also represented the core participants in the Leveson Inquiry and continue to act for a number of high-profile individuals in phone hacking litigation against the national press. We can support clients by making a complaint to the regulator or court and can help them achieve compensation for breach of their rights. In addition, we advise on data protection breaches, dealings with the Information Commissioner’s Office (ICO) and other data protection issues. We also advise professional service providers, including family offices, IFAs and accountants, on their obligations in dealing with their clients’ data. Please click here for our handy guide, GDPR – Top 10 data protection issues for professional advisers.

High net worth individuals and their advisers should also consider reviewing the security of their IT systems, networks, mobile phones and other interconnected devices such as CCTV, television, navigational systems and the like. We work closely with a small number of experts dedicated in data security who can help to establish the level of vulnerability of personal data and offer solutions to improve security.

If you are interested in discussing how we can support you in any issues related to data privacy, please contact a member of our Data privacy team. For guidance on moving your business towards GDPR compliance, go to our CB Comply page

Additional information