Data protection

The General Data Protection Regulation (GDPR) is coming into force on 25 May 2018 and the UK Government has published the Data Protection Bill. We offer specialist support to trustees and sponsoring employers to help prepare for this major change.

Whilst many of the GDPR’s requirements are similar to existing data protection provisions, the new rules will strengthen data protection requirements. The amount of information that needs to be given to individuals will increase, reporting obligations in the event of a breach will be greater and heavier sanctions will be imposed for non-compliance.

The Government has confirmed that the UK’s decision to leave the EU will not affect the UK’s implementation of the GDPR in 2018. The UK Data Protection Bill is designed to bring the GDPR into UK law, subject to certain amendments.

The clock is ticking loudly for all organisations holding and processing personal data relating to individuals. Our unique position at the heart of the pensions industry means we can provide commercial advice on how the new data protection laws apply in a pensions context and what practical steps need to be taken.

How we can help

  • identifying the questions to ask when auditing data
  • reviewing existing or new contracts
  • considering the policies and procedures that may need to be put in place or updated
  • communicating with members
  • reconciling data protection compliance with the other obligations and responsibilities that apply to pension schemes.

Recent experience

  • Helping trustees to put in place a tailored project plan to prepare for the GDPR
  • Reviewing the protections in place for trustees in the context of the higher sanctions under the GDPR
  • Drafting GDPR-compliant privacy notices for trustees for inclusion in their annual newsletter
  • Drafting GDPR-compliant contractual clauses for contracts between trustees (as data controllers) and service providers (as data processors)
  • Advising trustees on reviewing their consent process and wording in light of the more stringent requirements under the GDPR
  • Advising employers on data-sharing arrangements in place with the trustees of their occupational pension scheme
  • Assisting with joining up the employer's approach to compliance and risk management with the running of a pension scheme.