Contact one of our advisors now Call 0800 088 6004

GDPR and Lasting Powers of Attorney (LPAs)

Reasons to choose Wilson Browne

The dreaded and feared four letters, GDPR! Whilst we don’t like to discuss GDPR anymore than we need to it seems that tougher restrictions have now been placed on data processing and this means that more checks will exist for those who seek to act on another’s behalf.

First of all, and most importantly, if you do not have a LPA in place, no one has the legal authority to make decisions for you if there ever comes a time when you are unable to do so yourself. This means that any informal agreements that were in place before GDPR may no longer be valid.

The way data is held and processed changed on 25 May 2018. From this date, data management became subject to the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and associated provisions. The GDPR provides principles regarding personal data, its use, management and access, including correcting data inaccuracies and automated decisions, profiling and deletion. The major change concerns data subjects and their consent to storage and disclosure.

LPA attorneys, Court of Protection deputies and the GDPR

Many LPA attorneys and Court of Protection deputies are already subject to the Data Protection Act 1998 but what is new is the active consent provisions under GDPR. This means that attorneys and deputies should try to involve the donor (where appropriate) to obtain consent regarding personal data storage and disclosure. Of course, this can only be done if the donor still has capacity. Changes have also arisen regarding how attorneys and deputies store personal data.

In a LPA donors can confirm instructions or preferences but donors should be warned about such clauses which consent to or decline access to personal data. It would be inappropriate to place a clause in the LPA which gives consent to data sharing. This is because it may create a conflict between what is in the donor’s best interests and as an instruction clause on the LPA.

A solution to this may be to provide guidance to the attorneys via a memorandum of wishes. These wishes can be updated as when the donor sees fit. Guidance might include, for example:
1. I wish my attorney to record how they arrived at a decision to disclose or decline to disclose data.

2. After X years I wish my attorney to review any data they are holding and consider if it is still relevant to continue to store that data. If not I wish my attorney to delete it.

3. If my attorney is faced with a conflict of interest situation, I wish them to contact the Office of the Public Guardian or its successor and seek their guidance.

Conflicts of interest for the medical professionals

Everyone is subject to GDPR and what difficulties does this pose for doctors and medical practitioners? Are doctors/nurses going to be reluctant to release information to family and loved ones in fear of breaching GDPR? This seems likely. The doctor/nurse is likely to insist on seeing the registered LPA to confirm who is privy to the personal information and this may lead to unnecessary delays and upset. It is therefore advisable for all registered LPAs to be made known and registered with the GP of the donor especially if that donor has now lost capacity.

If you would like to discuss making Lasting Powers of Attorney then please do not hesitate to contact us.

Stacy Ludlam


Stacy Ludlam

Senior Associate. FCILEx

Stacy is a Fellow member of the Institute of Chartered Legal Executives (FCILEx) and advises clients on Wills, probate, trusts, inheritance tax, lasting powers of attorney and more.