The Pensions and Lifetime Savings Association (PLSA) has launched a new Made Simple Guide in partnership with Herbert Smith Freehills. The free guide aims to help pension schemes become fully compliant with the EU’s General Data Protection Regulation (GDPR) by the deadline of 25 May 2018.
GDPR will completely change the landscape within which substantial processors of data – of which pension schemes are a prime example – operate. There will be no ‘phasing in’ period and the repercussions for non-compliance can be severe, with potential fines of up to EUR20 million (or 4 per cent of global annual group turnover if greater) in the event of a breach.
Nigel Peaple, Deputy Director for Defined Contribution, Lifetime Savings & Research, Pensions and Lifetime Savings Association, says: “The GDPR will have a substantial impact on our members and on other organisations within the financial sector. As a result of GDPR, pension schemes can no longer take a reactive approach to data compliance, as was possible under the Data Protection Act 1998. Schemes will be required to design and implement systems on a proactive basis, to ensure that any processing activities are compliant and are backed up by good record-keeping.
“As every action that a pension scheme undertakes involves the processing of data, this is sure to be a mammoth task. GDPR’s reforms, as supplemented by the provisions of the Data Protection Bill 2017, will impact every DB and DC scheme in the UK. We are very pleased that Herbert Smith Freehills were able to collaborate with us in the creation of this essential guide, and we are grateful for the hard work and expertise put in by their team.”
Alison Brown, Global Head of Employment, Pensions and Incentives at Herbert Smith Freehills, says: “This Made Simple Guide looks to introduce and guide pension schemes through the vast, and often highly complex, data protection changes that will take effect in May 2018. There is a lot to do in order to ensure that a pension scheme is ‘GDPR ready’ by 25 May 2018.
“Our key message to schemes and their trustees is to be thorough, keep an eye on developments (there is a lot still to come) and, given the number of workstreams and necessary involvement of third parties, to make a start as soon as possible. We hope this guide helps schemes either begin to make necessary preparation for GDPR, or to plan next steps.”