The law on data protection will change on 25 May 2018 when the General Data Protection Regulation comes into force.
As data controllers, trustees will need to take a number of steps to ensure compliance ahead of the May 2018 deadline. As a first step, they should identify the types of personal data held by the pension scheme and the sorts of data processing carried out on their behalf. From this starting point, trustees should consider whether such processing is lawful and otherwise carried out in accordance with the requirements of the regulation.
GDPR strategic planning
Failure to comply with the GDPR could lead to significant financial penalties being imposed on trustees. As trustees could be liable for the data protection breaches of their scheme administrators and advisers, it is critical that they review their data protection arrangements at a strategic level.
GDPR advice to pension scheme trustees
At Wrigleys we can help trustees with the following:
- to understand their obligations under the GDPR including trustee training.
- to design and implement data mapping exercises to identify personal data held by the scheme and third parties and the processing carried out on their behalf.
- to prepare the documents required to demonstrate their compliance with the new legislation, including:
  - privacy notices
  - data protection policies
  - data protection agreements with scheme advisers.
- to untangle the knotty issue of consent, including when consent to the processing of personal data is required and how it should be obtained.
Article: GDPR – Practical guidance for pension trustees - Data protection is changing significantly from 25 May 2018. We explore the changes to the law and suggest our 'Top 6 Actions for Pension Trustees'.
Podcast: GDPR – what should pension scheme trustees be doing? - In this podcast we will be looking at the new General Data Protection Regulation and its impact on trustees of pension schemes, including what trustees should be doing now to get ready for the new regime.