The long-awaited General Data Protection Regulation (GDPR) has finally been agreed in principle, with formal adoption expected around June 2016.
Because a regulation applies directly in EU Member States, no national implementing legislation is needed. Fortunately, there is a two-year transition period before it takes effect. That said, we all know how quickly a couple of years go by, so pension trustees should get up to speed on the new rules sooner rather than later.
What do pension trustees need to do?
The Information Commissioner has just issued a handy checklist of 12 steps you can take now to prepare for the GDPR. You can find it at: http://dpreform.org.uk/preparing-for-the-gdpr-12-steps-to-take-now/
You’ll also need to make sure your pension administrator, scheme actuary and other pension providers are making the right preparations. With new sanctions for breaches, including fines of up to 4% of annual worldwide turnover (or €20 million, whichever is higher), it is in nobody’s interests to get their preparations wrong. The maximum fine can apply to unlawful transfers of personal data outside the EU, so pension trustees with US parent companies need to be particularly careful following the recent collapse of the ‘Safe Harbor’ arrangement that covered transfers of personal data from the EU (the UK included) to the US. A replacement, the ‘EU-US Privacy Shield’, is currently being negotiated but is not yet in place.
With new obligations placed directly on data processors, and new requirements on accountability, breach notification and demonstrating compliance, pension trustees should review their policies and procedures early to avoid being caught out. If your pension scheme doesn’t already have one, a clear framework of accountability will be a must.
What about the EU referendum?
If we wake up on 24 June 2016 to find the UK has voted to leave the EU, the new requirements may still apply to some schemes and businesses in the pension industry. The GDPR has a broader territorial scope than its predecessor, the 1995 Data Protection Directive: it covers organisations established in the EU, and also those established outside the EU that offer goods or services to, or monitor the behaviour of, individuals in the EU.
As with all things related to a potential Brexit, data protection will form part of the all important exit negotiations, if they’re needed…