WHAT DOES THE GDPR MEAN FOR PENSIONS?


The General Data Protection Regulation: how will the pensions industry be affected?

The pensions industry processes huge amounts of personal data: members' names, addresses, dates of birth, salary details and other financial information, as well as sensitive data concerning physical and mental health. The GDPR makes important changes to data protection law and raises the bar substantially in terms of the obligations on those who handle personal data. Coupled with a much tougher enforcement regime and increased penalties for non-compliance, trustees and administrators should be getting to grips with their responsibilities under the GDPR now.

"We always get excellent service from them. They always understand what we're looking for, they communicate in plain English, stick to timelines and always deliver." Data Protection & Information Law, Chambers & Partners 2016

Changes include:

Consent: There is a new requirement for clear affirmative action and an end to pre-ticked boxes and bundled consents.

Transparency: Much more information must be given to individuals at the point of collection.

Lawful processing: There are stricter rules on processing data for new purposes.

Access rights: Greater rights are given to individuals, including rights of erasure, protection against profiling and a right of data portability.

Privacy by design and default: Existing good practice recommendations must be hard-wired into day-to-day operations.

Breach notifications: There are express statutory obligations to notify privacy regulators and affected individuals in the event of a data privacy breach where there is a risk of harm to individuals.

Accountability: There is an ongoing requirement to demonstrate compliance to regulators and to maintain records.

Sanctions: The maximum fines that can be imposed for serious contraventions are the greater of €20m or 4% of total worldwide turnover, but lesser contraventions also carry hefty fines.

One stop shop: There will be simplified regulatory oversight for organisations that operate in multiple EU countries.

More information: You can follow the latest developments on the GDPR, including the latest guidance from regulators, on our GDPR microsite: brodies.com/gdpr or our blog: techblog.brodies.com

Specific issues:

Privacy notices: Trustees will need to refresh the privacy/fair processing notices used with members.

Consent: Where personal data is processed on the basis of consent, the basis upon which consent has been given will need to be reviewed. Where the consent does not meet GDPR standards, can it be refreshed, or is there some other basis for processing?

Contracts: Contracts under which personal data is processed by data processors will need to be reviewed to make sure they contain the mandatory provisions required by the GDPR and are updated generally. This will affect current and new contracts and is likely to impact administration services and other relevant agreements.

Individual rights: Pension schemes need to be prepared to handle the new and enhanced rights given by the GDPR to individual members in respect of their data.

Records: Trustees and those who process personal data on their behalf, such as scheme administrators, must keep appropriate records and keep them available for inspection by the Information Commissioner's Office on request.

Security and breach notification: Data security is an increasing issue. Procedures for handling data may need to be tightened and measures taken against new risks such as cyber attacks. With new requirements for mandatory breach notification, pension schemes need to make sure that they are on top of data security, monitoring and reporting requirements.

What do I need to be doing?

- identify your team and plan your strategy for compliance;
- create an information asset register: what personal information do you process, and where, why, how and with whom;
- review the legal basis for your data processing activities;
- review your data collection forms and privacy notices to ensure they meet the new requirements;
- identify your status under the GDPR;
- review your processes and systems for dealing with data subjects' rights, as well as responses to FOI requests;
- implement data governance policies, measures and training to ensure your organisation operates in accordance with the requirements of the GDPR;
- review your supply chain arrangements with data processors; and
- ensure that new technology and systems are GDPR ready.

Key contacts: To discuss how the GDPR will impact on your organisation, or how Brodies can assist you with your preparations, please get in touch with a member of Brodies' information law or pensions teams.

Grant Campbell, Partner, +44 (0)131 656 0115, grant.campbell@brodies.com
Juliet Bayne, Partner, +44 (0)131 656 0049, juliet.bayne@brodies.com

brodies.com