GDPR will completely change the landscape within which substantial processors of data – of which pension schemes are a prime example – operate. There will be no ‘phasing in’ period and the repercussions for non-compliance can be severe, with potential fines of up to €20 million (or 4% of global annual group turnover if greater) in the event of a breach.
This free Made Simple Guide provides:
- A glossary of data terms essential to understanding the new regulations;
- A suggested timeline for GDPR readiness;
- A comprehensive list of steps for trustees to take including key considerations, explanations of the regulatory requirements, and suggested means of implementing them:
  - Map your data flows and identify associated risks
  - Determine on what grounds you will be processing data
  - Appoint a Data Protection Officer (or justify not appointing one)
  - Reassess how you engage with your membership
  - Update policies and procedures
  - Review and renegotiate third party agreements
Nigel Peaple, Deputy Director for Defined Contribution, Lifetime Savings & Research, Pensions and Lifetime Savings Association, said: “The GDPR will have a substantial impact on our members and on other organisations within the financial sector.
“As a result of GDPR, pension schemes can no longer take a reactive approach to data compliance, as was possible under the Data Protection Act 1998. Schemes will be required to design and implement systems on a proactive basis, to ensure that any processing activities are compliant and are backed up by good record-keeping.
“As every action that a pension scheme undertakes involves the processing of data, this is sure to be a mammoth task. GDPR's reforms, as supplemented by the provisions of the Data Protection Bill 2017, will impact every DB and DC scheme in the UK. We are very pleased that Herbert Smith Freehills were able to collaborate with us in the creation of this essential guide, and we are grateful for the hard work and expertise put in by their team.”
Alison Brown, Global Head of Employment, Pensions and Incentives at Herbert Smith Freehills, said: “This Made Simple Guide looks to introduce and guide pension schemes through the vast, and often highly complex, data protection changes that will take effect in May 2018. There is a lot to do in order to ensure that a pension scheme is ‘GDPR ready’ by 25 May 2018.
“Our key message to schemes and their trustees is to be thorough, keep an eye on developments (there is a lot still to come) and, given the number of workstreams and necessary involvement of third parties, to make a start as soon as possible. We hope this guide helps schemes either begin to make necessary preparation for GDPR, or to plan next steps.”