Eileen Ireland, GDPR trainer, consultant, and founder of ReGDPR, outlines the key risks and responsibilities around data handling for funeral homes, celebrants, crematoria and related services.

“Given the number of people and processes involved, GDPR compliance is essential to protecting data in the funeral sector. Funeral homes, crematoriums, celebrants and related services routinely process sensitive personal information.

What kind of data do funeral firms handle?

Funeral firms often handle names, addresses, health details, religious preferences, and financial information about the deceased and their families. Other sensitive information can include text messages, handwritten notes or video messages linked to funeral planning.

What funeral firms should be doing

Avoiding GDPR risks starts with awareness and clear action. The steps below provide a practical starting point for compliance.

1. Review your data: what you hold, where it’s stored, who can access it, and how it flows in and out of your business.

2. Limited access and secure storage: Restrict access to only those who need it. For example, a pallbearer should not have access to financial details. Use encrypted systems for both digital and physical records.

3. Establish a data retention policy. Set clear timeframes for how long data is kept and ensure you have a legal basis for retention. Review records regularly and securely delete information that is no longer required.

Clear policies, secure systems, and well-informed staff are key to meeting legal obligations and maintaining client trust. Maintaining GDPR compliance protects both business integrity and client trust, beyond simply avoiding penalties.”