Data protectionAug 9 2018

Why GDPR will impact trust disputes

  • Consider why the trust is an important legal concept and the reasons for setting up a trust.
  • Understand what GDPR is and how Subject Access Requests can be used in trust disputes.
  • Learn what action can be taken in light of enhanced data protection.
  • Consider why the trust is an important legal concept and the reasons for setting up a trust.
  • Understand what GDPR is and how Subject Access Requests can be used in trust disputes.
  • Learn what action can be taken in light of enhanced data protection.
pfs-logo
cisi-logo
CPD
Approx.30min
pfs-logo
cisi-logo
CPD
Approx.30min
twitter-iconfacebook-iconlinkedin-iconmail-iconprint-icon
Search supported by
pfs-logo
cisi-logo
CPD
Approx.30min
Why GDPR will impact trust disputes
comment-speech
  • Minutes of trustee meetings where the trustee has considered anything regarding the individual;
  • Documents provided to banks and other entities which list the individual as a beneficiary or ultimate beneficial owner;
  • Copies of correspondence, internal notes, or records of calls with settlors/beneficiaries/the family office, where the individual has been discussed;
  • Copies of trust deeds/private trust company articles/foundation regulations or related documents that identify the individual in the class of beneficiaries, excluded persons, or as capable of being able to exercise powers in respect of the trust (either now or in the future);
  • Family governance charters; and
  • Family investment company documents.

This is a major potential issue for trusts as it gives individuals rights that go far beyond the normal trust law rules on beneficiaries' (and others') rights to information.

There are exclusions to SAR disclosure, such as information protected by legal professional privilege, protected for the purpose of crime prevention, protected during the course of negotiations and to protect the rights of others.

However, there is nothing to prevent Subject Access Requests for the sole purpose of gathering material to commence litigation, and so they are becoming widely used by trust litigators to gain information, disclosure of which may otherwise be prevented under trust law.

Unfortunately, trustees cannot rely on the argument that they are protecting the rights of the settlor, or particular beneficiary(ies) in order to issue a blanket refusal of disclosure pursuant to a SAR.

For example, where data can be redacted to sufficiently protect the rights of other(s), disclosure will be required on that basis under the SAR.

Most SARs will have to be considered on a case by case basis and in relation to each piece of data, and in some cases trustees may wish to seek advice on disclosure from data protection specialists.

The trustee in receipt of an SAR will need to determine a number of issues, including:

  • Is the request valid/is the trustee within the scope of GDPR?
  • Does the trustee hold personal data of the requesting data subject? 
  • Is the personal data protected by legal professional privilege?
  • Can the personal data be withheld in order to protect the rights of another?
  • To what extent can the personal data to be disclosed be redacted?

In most instances, these questions need to be dealt with on a case by case (or document by document) basis, and the timelines imposed by GDPR means that the trustee has to act quickly; a data controller usually has just one month to provide a full response, although this can be extended by up to two months in particularly complex or large cases.

Take action

PAGE 3 OF 4
A service from the Financial Times