PLSA launch made simple guide explaining GDPR

21 September 2017

The Pensions and Lifetime Savings Association (PLSA) has launched a new free ‘Made Simple Guide’ in partnership with Herbert Smith Freehills on the General Data Protection Regulation (GDPR).

The guide aims to help pension schemes become fully compliant with the EU’s GDPR by the deadline of 25 May 2018.

GDPR will completely change the landscape within which substantial processors of data operate – of which pension schemes are a prime example. There will be no ‘phasing in’ period and the repercussions for non-compliance can be severe, with potential fines of up to €20 million (or 4% of global annual group turnover if greater) in the event of a breach.

The Made Simple Guide provides:

  • A glossary of data terms essential to understanding the new regulations

  • A suggested timeline for GDPR readiness

  • A comprehensive list of steps for trustees to take including key considerations, explanations of the regulatory requirements, and suggested means of implementing them:

    • Map your data flows and identify associated risks

    • Determine on what grounds you will be processing data

    • Appoint a Data Protection Officer (or justify not appointing one)

    • Reassess how you engage with your membership

    • Update policies and procedures

    • Review and renegotiate third party agreements


CIPP comment

Although the GDPR Made Simple Guide is aimed at pension trustees the information is just as applicable to the payroll profession and anyone who is a processer or controller of data. Processing is any activity involved with the collation, storage, dissemination, amendment or destruction of data. The controller is the person who determines how, and for what purposes, data is to be processed. The data processor is the person who actually processes the data; however this can be the data controller, or a third party doing so on the data controller’s behalf.

The CIPP also run a half day training course which will help delegates understand and prepare for the changes, including how they affect payroll and HR functions, so that they can help their organisations become fully compliant by May 2018.