GDPR: What are the key priorities?
23 April 2018
In just over one month’s time the General Data Protection Regulation (GDPR) will come into force. If you are only just turning your mind to it complying with the new legislation will probably seem a daunting task, but there is still time to get ready for 25 May and the good news is help is at hand.
You may recall my initial article outlined the five key changes for pension schemes. There are also tougher sanctions for non-compliance.
What are the key priorities?
To give you a head start we have set out below six key actions to prioritise now:
- Update the scheme's data protection policy and procedures to reflect the necessary changes to ensure compliance with GDPR. Make sure you send an updated data privacy notice to members.
- Perform a data mapping exercise to identify the personal data the scheme collects, how it is processed, how it is obtained and the service providers it is shared with. This information will help you assess which data processing activities must comply with GDPR. The service providers will be used to providing this information to trustees by now and so it should be readily available
- Review the basis under which the scheme collects and processes personal data. Schemes may only collect and process personal data on the basis of one or more prescribed 'processing grounds'. Changes may need to be made for this to continue under GDPR
- Put in place processes to ensure you can respond to data breaches and notify the Information Commissioner within 72 hours
- Members will have enhanced rights under GDPR, such as the right to be provided with access to their personal data and the right to be forgotten. Identify the potential impact on the scheme and how best to respond to request to exercise these rights
- Identify any transfers of personal data outside of the European Economic Area and make sure that there is full compliance with the strict requirements under GDPR as to how these can be done. Data transfer agreements should be in place.
Help is at hand
GDPR will change the way you and your advisers work together to ensure pension scheme data is secure and the rights of privacy for pension scheme members is respected. At BDO our experienced GDPR team can assist in making sure you comply and avoid any unnecessary fines. To get help with any final preparations or any queries you have please email [email protected]