Pensions GDPR Update – May 2019

21-05-2019

Authors: Philip Smith and Daniel Watters.

Click here to view the briefing in PDF format.

This is the GDPR update from our Pensions Group,which summarises some practical aspects of where GDPR processes for pension schemes are at one year on.

In the period since 25 May 2018, there have been a number of minor breaches involving pension schemes which have generally been closed without further action by the Data Protection Commission.  The Data Protection Commission’s office has a specifically appointed person in charge of the pensions industry and is aware that pension schemes hold and control significant amounts of personal data.  It has become clear that carrying out a dry run of the breach procedure and incident response plan is a worthwhile exercise for trustees.

Many schemes have not yet been able to complete finalising GDPR terms and conditions with all of their third party providers due to the complexity of the interaction between investment platforms, administrators, sponsoring employers and trustees.  This means that designing a practical data breach procedure which involves all of these four parties and their respective different security protocols can be a challenging exercise.

The attached update indicates some of the things that have worked so far and some of the things that have not and what the next steps for trustees are with regard to GDPR compliance.

For further information on this update, please contact a member of the Pensions Group, or alternatively you can contact a member of the Technology and Innovation Group.

Download PDF