PMI Crest
Thank heavens for GDPR!
11 May 2020

Thank heavens for GDPR!

Anyone involved in pensions will remember how 2018 saw us grappling with the General Data Protection Regulation (GDPR), scrutinising pension schemes’ data processes and asking hard questions about cyber security. However, many of us will now be saying ‘thank heavens for GDPR’ – without that, we might not have been able to rise to the challenge of homeworking with anything like the same degree of success.

Cynics thought the UK’s IT infrastructure would simply collapse under the weight of home-working, homeschooling and online home-entertainment, but so far the system seems to have been remarkably resilient. What the COVID-19 crisis has, however, brought to the fore are questions of data protection and cyber security, with trustee meetings and administration now being carried out from home.

Prior to COVID-19, video-conferences were only rarely used at trustee meetings. We have all now become experts, exchanging tips on the merits of systems we had not even heard of a week before. However, new technology brings new concerns, and experts have questioned whether all the products in use have appropriate privacy settings, or, if so, whether these are being applied appropriately.

Before using a system for the first time, it’s worth asking your IT department how to ensure the privacy of attendees and the confidentiality of the matters being discussed.

Another potential risk is people working on their home computers or using home email addresses. Thanks to GDPR, most trustees, administrators and advisers had already put measures in place to protect member data through the use of secure remote access facilities.

Trustees who are not still employed (for example pensioner-nominated trustees) may have been given secure email addresses rather than having to use their private accounts. Confidential material (especially that including sensitive personal data) is also routinely protected by being uploaded onto secure servers or using password protection. If any of these protections isn’t already in place then it should be considered urgently. Even if they are, trustees should ask whether processes are sufficiently robust.

One area that is still being considered is the receipt of original documents such as death certificates. Whilst many administrators are operating a skeleton staff to deal with post, there will be many cases where individuals cannot get to a post office to send the original, for example if they are self-isolating. Trustees will need to consider how to deal with such documents, balancing the safety of administrators and members with the need to reduce the risk of fraud. Another area where practice is still emerging is electronic signatures, which are not yet universally accepted.

When we emerge from COVID-19, it’s likely the world will feel a very different place. We can hope that the lessons learned during these strange few months will have focused our attention on ensuring that remote working is, nevertheless, secure working.


This article was featured in Pensions Aspects magazine May 2020 edition.

back to Pensions Aspects Magazine

Last update: 19 January 2021

Jane Beverley
Jane Beverley
Law Debenture
Trustee Director

Pension Administrator

Salary: £34000 pa

Location: Currently home working then Hampshire

Senior Pensions Lead

Salary: £40000 pa

Location: Home working now, later mix of office (Kent)/home

Pensions Administrator (FTC, 11 Months)

Salary: £30000 pa

Location: West Yorkshire

You may also like:

Long term funding: start with the end in mind
06 January 2021

Long term funding: start with the end in mind

As we emerge from a COVID world, setting long-term funding targets is a key 2021 focus for trustees. Galvanised by The Pensions Regulator (TPR)’s. new Defined Benefit (DB) funding code of practice, trustees and sponsors need to pay acute attention to the maturing status of their DB schemes. TPR expects trustees to determine a clear journey plan towards a lower risk position as they close in on their goal.

Read more
Lessons to learn from experience for pension schemes
06 January 2021

Lessons to learn from experience for pension schemes

A recent survey carried out by Barnett Waddingham asked trustees to identify the risks they were most concerned about for their schemes. It also asked trustees to share their experience of the types of risk events that had crystallised for their schemes over the past three years.

Read more