Today, 28 January, is international “data protection day” (as explained on Wikipedia). Its purpose is to raise awareness and promote privacy and data protection best practice; there is no suggestion that organisations (including pension schemes) can ignore data protection the other 364 days of the year!
Here in the UK, many clients will remember the rush to get their pension schemes compliant with the EU’s General Data Protection Regulation (GDPR) back in 2018. But, like the pensions industry itself, data protection is a fast-moving legal and regulatory area. Developments include, not least: the introduction of the Data Protection Act 2018; the adoption of the UK’s own version of the GDPR following Brexit; the Information Commissioner’s Office’s (ICO) new Code of Practice on data sharing; court cases impacting privacy notices and international data transfers; a growing awareness of data privacy issues, meaning pension scheme members are increasingly cautious about the use of their personal data and streetwise about their rights; and the UK government’s consultation on an overhaul of the data protection regime. What’s more, both the ICO and The Pensions Regulator (TPR) say data protection should be regularly reviewed, and the ICO can fine up to £17.5 million or 4% of global turnover for the most serious cases of non-compliance.

So what does data protection day 2022 mean for UK pension schemes? If you have not done so already, it’s a timely reminder to review your scheme’s data protection status. Here are four key issues to follow up on.