Pensions Update: Summer 2018

Author:Mr Philip Smith, Catherine Austin, Sarah McCague, Michael Shovlin, Daniel Watters and Marie McQuail
Profession:Arthur Cox

    1.1 The GDPR

    The General Data Protection Regulation ("GDPR") came into effect on 25 May 2018. It was recommended in our January 2018 update (available here) that trustees undertake a number of actions to ensure compliance with their obligations in advance of the enforcement date. If trustees have not yet completed these actions and you require further advice or information on the effect of GDPR on trustees' obligations, please contact us.

    1.2 Data Protection Act 2018

    The Data Protection Act 2018 (the "Act") was signed into law on 24 May 2018 with effect from 25 May 2018. While the GDPR did not require implementing national legislation to be effective, the Act, along with related regulations which the Government may introduce, is designed to give effect to the GDPR and to provide clarity on provisions which allow a certain limited flexibility to data controllers and processors. Of particular interest to trustees is section 50 of the Act which provides an exemption from the requirement to obtain a data subject's consent for processing health data in respect of occupational pension schemes and the provision of insured benefits.

    1.3 Pensions Authority Guidance Note

    Prior to the GDPR coming into operation, the Pensions Authority issued a guidance note on data protection considerations for trustees of occupational pension schemes ("Guidance Note"). In summary the Guidance Note highlights that trustees need to demonstrate: processing activities are in line with the GDPR; the legal basis for processing data is identified and recorded; they have issued GDPR-compliant privacy notices to members and other data subjects in a manner consistent with the requirements of the GDPR; that procedures for handling data subject access requests have been reviewed and updated where necessary; members and other data subjects are informed of their new rights; a data breach policy has been adopted; and consideration has been given to whether a data protection officer should be appointed by them (in most cases one will not be required).


    The Government published A Roadmap for Pensions Reform 2018-2023 (the "Roadmap") on 28 February 2018. The Roadmap aims to build on reports published by previous Governments, identify specific actions that need to be taken and set out a timetable for implementation. The reform of the State pension and creation of a new autoenrolment savings scheme were two...

To continue reading