search.noResults

search.searching

note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
34 www.glasgowchamberofcommerce.com


Business preparing for the challenges of GDPR


holds a large volume of personal and sensitive data on its records. Last year, it set up a GDPR project


A


team to ensure all its internal functions, including how it handles employee details, comply with the new data protection regulations. This work has covered all areas of Golden Charter’s business, and it had an additional compliance challenge to ensure that all the independent funeral directors who help to sell its plans understand the impact of the changing regulations on their businesses. Alison Wilson, Golden Charter’s


Director of Risk & Compliance, explained the issue: “Golden Charter sells its plans through its own internal marketing teams, and also through third parties such as IFAs, will writers and funeral directors. Time and resource can be limited, and independent funeral directors come in all shapes and sizes. That’s why we have developed a GDPR education programme of webinars, seminars, FAQs and scenarios in the run up to the new law coming into force on 25 May to help them fully understand the concept and give them guidance on becoming compliant.” In terms of funeral plans, Golden


Charter has obligations under GDPR as a “data controller”: the entity that decides the purpose, and the manner in which personal data is used. However, the funeral directors that sell its plans also have new data protection obligations as they are classified under GDPR as “data processors” in their relationship with Golden Charter: the entities that process the data on behalf of the data controller, including collating, recording and holding data. Alison said the term “data processor” is a bit of a misnomer:


s one of the UK’s leading providers of pre-paid funeral plans, Glasgow Chamber member Golden Charter


Data security is paramount under GDPR so that if hard-copy records are kept


of personal information these must be under lock and key”


“You don’t have to do anything with the data to be a processor, because just storing data comes under the ‘processor’ remit. So if we sent personal information to a funeral director to fulfil a funeral need and they never touch that piece of paper again they are still processing it as they store it. “Data security is paramount under GDPR so that if hard-copy records are kept of personal information these must be under lock and key and access limited to only those in the company that need to see this information as part of their job. Electronic records need to be at least password-protected. “Sharing data is also an area where


funeral directors need to assess risk and, where possible, write GDPR responsibilities into business contracts with third parties, such as cemeteries, celebrants, flower arrangers etc.” Another significant issue for


companies like Golden Charter that engage in direct marketing is obtaining consent to contact people in the future, as this cannot happen unless the individual has opted in. She said: “Golden Charter is obtaining


this consent when customers contact them and we are suggesting that funeral directors modify their business contracts to accommodate an ‘opt-in’ consent form to allow customers to agree to be contacted in the future for information about other services or products.” However, you do not need consent to contact a person if you have a “legitimate” interest in doing so as part of


your current business relationship with that customer, such as a pre-paid funeral plan.


Alison said: “While customers would


expect us to contact them to fulfil the funeral plan, GDPR prohibits us from using their data for contacting them for some other purpose, like trying to sell them an additional service, unless they have given us specific prior consent for doing that.” Golden Charter Chief Executive


Suzanne Grahame believes the new data protection law is a positive step forward as it puts customers at the heart of its business. She said: “This change in the tone of the conversation around data protection puts the individual at the centre of companies’ thinking and highlights the importance of protecting the security of personal data. It will make everyone more thoughtful about what data we really require, and only using it for the purpose it had been collected for. Golden Charter has had a robust compliance function spearheaded by Alison over many years now, but the specifics of GDPR and the financial and reputational risks it brings are bound to focus any business’ attention on these important issues. “Becoming GDPR compliant is a challenge, and my concern is that many smaller businesses will struggle, without support, to understand not just the regulations but how they can be applied to their businesses. “That’s why Golden Charter is helping and providing guidance to our funeral director family in what ways we can, but these changes are far-reaching, and businesses of all kinds will need support.”


Suzanne Grahame


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48