The GDPR—action for pension trustees and employers [ARCHIVED]
Produced in partnership with Catrin Young of Burges Salmon
The GDPR—action for pension trustees and employers [ARCHIVED]

The following Pensions practice note Produced in partnership with Catrin Young of Burges Salmon provides comprehensive and up to date legal information covering:

  • The GDPR—action for pension trustees and employers [ARCHIVED]
  • The key action points for trustees and employers in lead-up to 25 May 2018
  • Step 1—Conduct a data audit
  • Step 2—Identify and document your legal basis for processing data
  • Step 3—Review member communications
  • Step 4—Review third party contracts
  • Step 5—Sharing data with third parties
  • Step 6—Review and update internal policies and procedures
  • Step 7—Work out whether a data protection fee is due to be paid
  • Step 8—Keep abreast of developments

The General Data Protection Regulation (GDPR) came into force on 25 May 2018 replacing, and building on, existing data protection legislation. The GDPR raises the bar to increase protection for individuals' personal data. Trustees and employers (as data controllers) need to be more transparent about what they do with personal data. Individuals have stronger rights over their data and there are substantially heavier penalties for breaches of the law. Accountability is a key theme: ‘appropriate technical and organisational measures’ need to be taken to ensure compliance with the higher standards of the GDPR is demonstrable. There is no phasing in of the new obligations.

This Practice Note, therefore, focuses on the key action points which trustees and/or sponsoring employers will have had to take in the lead-up to 25 May 2018 in respect of pension scheme arrangements.

For information on the application of the GDPR in a pensions context, see Practice Note: The GDPR for pensions lawyers.

For frequently asked questions concerning the pensions impact of the GDPR, see Practice Note: GDPR—FAQs for pensions.

The key action points for trustees and employers in lead-up to 25 May 2018

Trustees and employers of pension schemes will have had to take the following steps in the lead-up to 25 May 2018:

  1. Step 1—Conduct a data audit

  2. Step 2—Identify and document your legal basis for processing data

  3. Step 3—Review member communications

Popular documents