Client feedback

Great communication and practical help.
It’s a pleasure working with key members of the PSGS team: their experience and leadership means that they know how to get the job done, working in partnership with fellow trustees, employers and advisers to achieve the best result for members.
Mark Smith,
Partner at Taylor Wessing
As a pensions novice, I felt that the trustee training course gave me a good grounding.
Will Court
Wish I'd had the opportunity to do the Trustee training course sooner!
Stuart Atkins,
Raleigh UK Ltd
Fiona brings perspective from other schemes and therefore a wider knowledge.
When requesting information by email, I have noticed that there is 'out of hours activity' to answer me. I regard this as a stand out 'above and beyond' - impressed.

Leave or remain, new EU data protection laws may be with us either way

Topic:

Legal & governance

Date published:

Thursday, 24 March 2016

Author:

Gillian Graham

Image of Gillian Graham, Client Director

The long awaited General Data Protection Regulation (GDPR) has finally been agreed in principle, with regulations expected around June 2016.

As it applies directly to EU Member States, national legislation isn’t needed. Fortunately, we have two years to comply. Saying that, we all know how quickly a couple of years go by so pension trustees should get up to speed on the new regulations sooner rather than later.

What do pension trustees need to do?

The Information Commissioner has just issued a handy checklist of 12 steps you can take now to prepare for the GDPR. You can find at: http://dpreform.org.uk/preparing-for-the-gdpr-12-steps-to-take-now/

You’ll need to make sure your pension administrator, scheme actuary and other pension providers are making the right preparations too. With new sanctions for breaches – which include fines of up to 4% of annual worldwide turnover – it is in nobody’s interests to get their preparations wrong. The maximum fine for non-compliance could apply to data being sent overseas, so pension trustees with US parent companies need to be particularly careful following the recent collapse of the ‘Safe Harbor’ arrangements relating to the transfer of data between the UK and the US. A new arrangement known as the ‘EU/US Privacy Shield’ is currently being agreed, but is not in place yet.

With new obligations on data processors and new requirements regarding accountability, breach reporting and demonstrating compliance, pension trustees should review policies and procedures early to avoid being caught out. If your pension scheme doesn’t already have one, a clear framework of accountability will be a must.

What about the EU referendum?

If we wake up on 24 June 2016 to find the UK has voted to leave the EU, the new requirements may still apply to some schemes and businesses in the pension industry. The GDPR has broader scope than its predecessor, covering both EU-based entities and those established outside the EU where data processing involves EU data subjects.

As with all things related to a potential Brexit, data protection will form part of the all important exit negotiations, if they’re needed…

 

 

Back to opinions

 

Hot topics

PSGS & 20-20 Trustees merge to form Vidett
Hot Topic

Punter Southall Governance Services (PSGS) & 20-20 Trustees (20-20) have today announced they...

Read more »

Don’t be surprised that your gilt funds are being treated like an emerging market
Image of Hot Topic author Sophia Harrison, Client Director

You may have seen or heard about the article in the Financial Times about how Insight...

Read more »

More opinions »

Call: 0118 207 2900

online enquiry