Data Protection Policy Statement

Policy Statement

Trustworthy Wills Ltd (trading as The Hertfordshire Will Company (HWC)) recognises the significance of data protection.  The purpose of this policy is to protect all personal information controlled or processed by the organisation, and ensure an adequate level of awareness to ensure data protection principles are applied across all areas of operation within Institute of Professional Willwriters.

Personal data is identified and managed in accordance with the data protection risk assessment methodology that endorses the acceptable risk levels.

Our Data Protection Policy is achieved by a stringent set of controls, including policies, processes, procedures and software and hardware functions.  These controls are monitored, reviewed and improved regularly to ensure that specific data protection, security and business objectives are met.  This is operated in conjunction with other business management processes, and incorporates the applicable statutory, regulatory and contractual requirements.

The lawful basis upon which we process your data are;

1; consent; where a client has given clear consent for us to process your data for a specific purpose (e.g. writing wills or setting up Lasting Powers of Attorney): and;

2; contract where the processing is necessary for a contract that we have with a client such as to write will/s or Lasting Powers of Attorney.

In particular, HWC is committed to compliance with data protection requirements and good practice to include:

  • Processing personal information only where this is strictly necessary for legal and regulatory purposes, or for legitimate organisational purposes;
  • Processing only the minimum personal information required for these purposes;
  • Providing clear information to natural persons (including children) about how their personal information can be used and by whom;
  • Only processing relevant and adequate personal information;
  • Processing personal information fairly and lawfully;
  • Maintaining a documented inventory of the categories of personal information processed by the organisation;
  • Keeping personal information accurate and, where necessary, up-to-date as far as is practical and possible;
  • Retaining personal information only for as long as is necessary for legal or regulatory reasons or for legitimate organisational purposes and ensuring timely and appropriate disposal;
  • Respecting natural persons’ rights in relation to their personal information;
  • Keeping all personal information secure;
  • Only transferring personal information outside the UK in circumstances where it can be adequately protected, although this is unlikely to occur and if so, very rarely;
  • Developing and implementing GDPR to enable the data protection policy to be implemented;
  • Where appropriate, identifying internal and external interested parties and the degree to which they are involved in the governance of the organisation’s;
  • Identify workers with specific responsibility and accountability for GDPR;
  • Maintain records of processing of personal information.

Our Data Protection Policy Awareness Program is incorporated in our staff induction and training program.  The Data Protection policy is readily accessible internally and presented to existing and prospective clients.  In addition to employees; suppliers, contractors and sub-contractors of HWC are expected to adhere to our Data Protection Policy.

HWC is committed to continual improvement and all employees are empowered to take responsibility for data protection, with a robust process for identifying and reporting data breaches in place and subject to regular review.

Through compliance to applicable statutory, regulatory and contractual requirements, and the requirements of the General Data Protection Regulations (GDPR) for the Protection of Personal Information, HWC will demonstrate confidence, integrity and credibility both internally and externally.


Brian Meehan
A.S.W.W. F.I.P.W
Managing Director

10 May 18
Version 1.0