
UK pensions speedbrief - GDPR - call to action!



The new General Data Protection Regulation (GDPR) comes into force on 25 May 2018.

Data controllers (such as trustees) have a lot to do to ensure they comply with the GDPR. This is because it places much greater emphasis than the current regime on trustees having appropriate processes in place.

For example:

  • members will need to be told more about what data is held about them, why and what their rights are in relation to it;
  • trustees will need to ensure that their contracts with third parties contain provisions to reflect the new requirements; and
  • trustees will need to identify what data they hold in relation to members and consider how long they need it for.

Importantly, the Information Commissioner has said that, as data controllers should have known about the GDPR for some time, there will be no period of grace after 25 May 2018 and the Information Commissioner’s Office will regulate from that date. However, it has also said that:

“if you can demonstrate that you have the appropriate systems and thinking in place, you will find the ICO to be a proactive and pragmatic regulator aware of business needs and the real world”.

So, where trustees have taken some steps to comply with their GDPR requirements, they are likely to be in a better position if something goes wrong than those who have done nothing at all.

Data protection is not an issue that many pension scheme trustees naturally think about spending time or money on. However, if you have not already done something to ensure that your scheme data complies with GDPR, please treat this as a call to action to work on your GDPR compliance now. If you have not taken reasonable steps to comply with GDPR, you may well face higher penalties from the Information Commissioner’s Office were something to go wrong after 25 May 2018.

If you are a trustee of a scheme that has yet to do anything, our GDPR catch-up kit might be able to help you. For a fixed fee, we can provide you with a simple and straightforward set of documents, with instructions on how to use them, which will put you well on your way to GDPR compliance.