PMI Crest
Thank heavens for GDPR!
11 May 2020

Thank heavens for GDPR!

Anyone involved in pensions will remember how 2018 saw us grappling with the General Data Protection Regulation (GDPR), scrutinising pension schemes’ data processes and asking hard questions about cyber security. However, many of us will now be saying ‘thank heavens for GDPR’ – without that, we might not have been able to rise to the challenge of homeworking with anything like the same degree of success.

Cynics thought the UK’s IT infrastructure would simply collapse under the weight of home-working, homeschooling and online home-entertainment, but so far the system seems to have been remarkably resilient. What the COVID-19 crisis has, however, brought to the fore are questions of data protection and cyber security, with trustee meetings and administration now being carried out from home.

Prior to COVID-19, video-conferences were only rarely used at trustee meetings. We have all now become experts, exchanging tips on the merits of systems we had not even heard of a week before. However, new technology brings new concerns, and experts have questioned whether all the products in use have appropriate privacy settings, or, if so, whether these are being applied appropriately.

Before using a system for the first time, it’s worth asking your IT department how to ensure the privacy of attendees and the confidentiality of the matters being discussed.

Another potential risk is people working on their home computers or using home email addresses. Thanks to GDPR, most trustees, administrators and advisers had already put measures in place to protect member data through the use of secure remote access facilities.

Trustees who are not still employed (for example pensioner-nominated trustees) may have been given secure email addresses rather than having to use their private accounts. Confidential material (especially that including sensitive personal data) is also routinely protected by being uploaded onto secure servers or using password protection. If any of these protections isn’t already in place then it should be considered urgently. Even if they are, trustees should ask whether processes are sufficiently robust.

One area that is still being considered is the receipt of original documents such as death certificates. Whilst many administrators are operating a skeleton staff to deal with post, there will be many cases where individuals cannot get to a post office to send the original, for example if they are self-isolating. Trustees will need to consider how to deal with such documents, balancing the safety of administrators and members with the need to reduce the risk of fraud. Another area where practice is still emerging is electronic signatures, which are not yet universally accepted.

When we emerge from COVID-19, it’s likely the world will feel a very different place. We can hope that the lessons learned during these strange few months will have focused our attention on ensuring that remote working is, nevertheless, secure working.


This article was featured in Pensions Aspects magazine May 2020 edition.

back to Pensions Aspects Magazine

Last update: 19 January 2021

Jane Beverley
Jane Beverley
Law Debenture
Trustee Director

Head of Professional Services

Salary: £65000 - £85000 pa

Location: Leeds, West Yorkshire

Pensions Transition Manager – flexible working

Salary: £40000 - £65000 pa

Location: East Sussex

Junior Project Manager 12 month FTC

Salary: £20000 - £25000 pa

Location: County Durham

You may also like:

Your scheme is bespoke... why isn’t your LDI solution?
09 April 2021

Your scheme is bespoke... why isn’t your LDI solution?

Liability Driven Investment (LDI) has become an increasingly important part of pension funding, with over half of UK pension schemes liabilities now hedged using LDI1.

Read more
Cyber justification - a question of security?
09 April 2021

Cyber justification - a question of security?

If I asked you about cyber security, what would come to mind? You might think about nineties-era fussy firewalls, or the guards from Tron with their laser-frisbees. And many of us will know someone for whom the term means sticking a bit of tape over the camera on their laptop.

Read more