Today marks the start of the 12-month countdown to the date by which pension scheme trustees must ensure their scheme complies with the new data protection regime under the EU General Data Protection Regulation (GDPR). The new regime differs significantly from the current rules, and failure to comply could mean a fine of up to €20M or 4% of annual worldwide turnover, whichever is higher. Our specialist Pensions GDPR team, comprising data protection, cyber security and pensions specialists, can help ensure you are GDPR compliant.
Actions which you should be taking now include:
- Contacting your scheme's employers to find out what they are doing on GDPR compliance and to discuss how you can work together. There are likely to be areas, such as data security, where trustees can adopt the employer's existing policies rather than write their own.
- Contacting your scheme's administrator and other service providers. Ask what they will be doing on GDPR compliance and how they will help you meet your own obligations. For example, contracts with anyone who processes member data on your behalf will need to be revised to include the terms GDPR requires, and scheme records and member communications will need to be brought into line with the new regime.
- Preparing a project plan setting out the issues you need to address to be GDPR compliant.
- Preparing a data map/asset register. This will help you identify what personal data you hold, who holds it (including administrators, advisers and other third parties), where it flows and what is being done with it. The position is often more complicated than expected, and a proper understanding of it is essential to GDPR compliance.
- Obtaining copies of member communications and standard member documents which will need to be assessed for GDPR compliance.