The regulations for holding this data are changing under a law called the General Data Protection Regulation (GDPR). It became EU law on May 25th 2018 and as such it will apply to all organisations holding personal data, both electronic and paper copies; in this case it will be WD. GDPR will not be affected by Brexit. WD are reviewing all their policies and practices for holding personal data.
That review includes the legal level of permission under which WD hold the data (whether WD have your permission to hold the information we have), exactly what data is held and why WD need to hold it. WD also have responsibility for any data that is processed by a third party and we will be reviewing our arrangements with any such organisation.
It will also be important WD update all policies to be GDPR compliant and review the length of time that personal data is held for.
WD are complying with GDPR by drawing up a new Privacy Information Notice to ensure you know what is kept on file, for how long and how you can complain about our data policies or breaches to the supervisory body.
This notice will be updated regularly over the next few months as WD make progress towards the end goal of being GDPR compliant within the regulatory timeframe.