PMI Crest
Thank heavens for GDPR!
11 May 2020

Thank heavens for GDPR!

Anyone involved in pensions will remember how 2018 saw us grappling with the General Data Protection Regulation (GDPR), scrutinising pension schemes’ data processes and asking hard questions about cyber security. However, many of us will now be saying ‘thank heavens for GDPR’ – without that, we might not have been able to rise to the challenge of homeworking with anything like the same degree of success.

Cynics thought the UK’s IT infrastructure would simply collapse under the weight of home-working, homeschooling and online home-entertainment, but so far the system seems to have been remarkably resilient. What the COVID-19 crisis has, however, brought to the fore are questions of data protection and cyber security, with trustee meetings and administration now being carried out from home.

Prior to COVID-19, video-conferences were only rarely used at trustee meetings. We have all now become experts, exchanging tips on the merits of systems we had not even heard of a week before. However, new technology brings new concerns, and experts have questioned whether all the products in use have appropriate privacy settings, or, if so, whether these are being applied appropriately.

Before using a system for the first time, it’s worth asking your IT department how to ensure the privacy of attendees and the confidentiality of the matters being discussed.

Another potential risk is people working on their home computers or using home email addresses. Thanks to GDPR, most trustees, administrators and advisers had already put measures in place to protect member data through the use of secure remote access facilities.

Trustees who are not still employed (for example pensioner-nominated trustees) may have been given secure email addresses rather than having to use their private accounts. Confidential material (especially that including sensitive personal data) is also routinely protected by being uploaded onto secure servers or using password protection. If any of these protections isn’t already in place then it should be considered urgently. Even if they are, trustees should ask whether processes are sufficiently robust.

One area that is still being considered is the receipt of original documents such as death certificates. Whilst many administrators are operating a skeleton staff to deal with post, there will be many cases where individuals cannot get to a post office to send the original, for example if they are self-isolating. Trustees will need to consider how to deal with such documents, balancing the safety of administrators and members with the need to reduce the risk of fraud. Another area where practice is still emerging is electronic signatures, which are not yet universally accepted.

When we emerge from COVID-19, it’s likely the world will feel a very different place. We can hope that the lessons learned during these strange few months will have focused our attention on ensuring that remote working is, nevertheless, secure working.


This article was featured in Pensions Aspects magazine May 2020 edition.

back to Pensions Aspects Magazine

Last update: 19 January 2021

Jane Beverley
Jane Beverley
Law Debenture
Trustee Director

Assistant Pensions Investment Consultant - Berkshire

Salary: £31500 - £37000 pa

Location: Berkshire

Senior Pensions Governance and Secretariat Consultant

Salary: £70000 - £90000 pa

Location: Hampshire

Senior Pensions Analyst

Salary: £55000 - £75000 pa

Location: London

You may also like:

Governance – what can we learn from Master Trusts?
08 October 2021

Governance – what can we learn from Master Trusts?

Since the modern day Master Trust was first established in 2012, they have become a phenomenon and are now amongst the most popular form of Defined Contribution (DC) Pensions Savings. One of the key factors to their success has been the governance structure underpinning them. From The Pension Regulator’s authorisation and supervision regime, to the efficient operation of the Board, Master Trusts have proved that strong governance does lead to better outcomes. This article explores the key learnings from Master Trusts and whether these principles can be applied to other pension schemes.

Read more
Responsible investment beyond the coronavirus
08 October 2021

Responsible investment beyond the coronavirus

How the investment community can help advance the environmental gains that have come out of COVID-19

Read more