Pension trustees hold a large amount of member personal data and have legal obligations as data controllers. New significant changes to data protection legislation will impact trustees and members.
Pension trustees have until 25 May 2018 to get ready to comply with the General Data Protection Regulation (GDPR). This will replace existing data protection legislation across Europe. The GDPR brings in new rights for individuals and places more onerous obligations on pension trustees in relation to their handling of personal data. The GDPR also brings in significantly increased sanctions for data protection breaches, with potential fines up to up €20 million or 4% of global turnover.
Download our project plan for a run-down of what you need to do and when you should do it by.
This publication is intended for general guidance and represents our understanding of the relevant law and practice as at September 2017. Specific advice should be sought for specific cases. For more information see our terms & conditions.