Client feedback

Excellent, very strong relationship. Good understanding of our needs. We can absolutely rely on PSGS.
David Onion ,
Volvo Group
Very happy with PSGS as an organisation and that opinion is derived from the performance of those that represent them.
Sean Hoyle,
Wightlink
I work with Wayne and Kirsty. They really understand our business - they work with the company while retaining independence and ensuring compliance. They are a joy and pleasure to work with.
Neil McCawley ,
Ferguson plc
We have a good partnership the team really understand what we need and our knowledge eg budgets - "we don't have a referee" - very helpful. Challenge advisers but with a practical objective. Thanks to PSGS, GMP equalisation has been just a process.
Stephen Allaker ,
Bristol Myers-Squibb
We now have a very collaborative approach between trustees and employer.
Peter Millard,
Company Secretary, TRL Limited
Kevin takes control of the meetings whilst fully involving the other two trustees. His experience shines through and he is also a very good listener, making all parties feel involved.
Sharron King ,
KBC Bank

GDPR: the nightmare revisited!

Topic:

Legal & governance

Date published:

Thursday, 18 April 2019

Author:

Gillian Graham

Image of Gillian Graham, Client Director

I’m sorry to bring back the agonies of this time last year, but as pension trustee secretary I’ve started the first review of my clients’ GDPR policies. These are due to be completed within the next few weeks and, so far, I’ve found a couple of changes that I have recommended to my clients.

Over the top actions aren’t needed

The first change is to tweak the wording around breaches so we could avoid a full-blown crisis meeting when in fact the breach was very minor and it was a no-brainer that no report to the Information Commissioner’s Office (ICO) was needed.

Fortunately, I haven’t experienced any major breaches during the year (touch wood that continues) but I have found administrators are rightly reporting every minor breach. When a breach is obviously minor and only involves one or two individuals, it is clearly disproportionate to lodge a report or indeed to involve the full pension trustee board in reaching this decision. One of my clients agreed to amend their policy so, in such cases:

  • only the Trustee Chair and a member nominated trustee (MNT) needs be notified to reach a decision
  • the breach is also reported to the governance committee and recorded on the data breach log

Talking of no-brainers…

The second change relates to the ICO’s recommendation for data controllers to complete a three part test when they rely on legitimate interests as their grounds for data processing (see: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/). This isn’t a GDPR requirement and so isn’t essential, but it is seen as best practice. Frankly, when dealing with pension schemes, the responses to the ICO’s list of questions show it is a no-brainer that processing data is in the members’ best interests.

I drew up a note to record the trustee’s responses to the test and its conclusion. A simple way to deal with something you could find pension administrators or lawyers over-complicate.

Although GDPR may still feel like a fresh wound, this is a good time to check everything remains fit for purpose.

 

 

Back to opinions

 

Hot topics

PSGS & 20-20 Trustees merge to form Vidett
Hot Topic

Punter Southall Governance Services (PSGS) & 20-20 Trustees (20-20) have today announced they...

Read more »

Don’t be surprised that your gilt funds are being treated like an emerging market
Image of Hot Topic author Sophia Harrison, Client Director

You may have seen or heard about the article in the Financial Times about how Insight...

Read more »

More opinions »

Call: 0118 207 2900

online enquiry