Thank heavens for GDPR!
11 May 2020

Thank heavens for GDPR!

Anyone involved in pensions will remember how 2018 saw us grappling with the General Data Protection Regulation (GDPR), scrutinising pension schemes’ data processes and asking hard questions about cyber security. However, many of us will now be saying ‘thank heavens for GDPR’ – without that, we might not have been able to rise to the challenge of homeworking with anything like the same degree of success.

Cynics thought the UK’s IT infrastructure would simply collapse under the weight of home-working, homeschooling and online home-entertainment, but so far the system seems to have been remarkably resilient. What the COVID-19 crisis has, however, brought to the fore are questions of data protection and cyber security, with trustee meetings and administration now being carried out from home.

Prior to COVID-19, video-conferences were only rarely used at trustee meetings. We have all now become experts, exchanging tips on the merits of systems we had not even heard of a week before. However, new technology brings new concerns, and experts have questioned whether all the products in use have appropriate privacy settings, or, if so, whether these are being applied appropriately.

Before using a system for the first time, it’s worth asking your IT department how to ensure the privacy of attendees and the confidentiality of the matters being discussed.

Another potential risk is people working on their home computers or using home email addresses. Thanks to GDPR, most trustees, administrators and advisers had already put measures in place to protect member data through the use of secure remote access facilities.

Trustees who are not still employed (for example pensioner-nominated trustees) may have been given secure email addresses rather than having to use their private accounts. Confidential material (especially that including sensitive personal data) is also routinely protected by being uploaded onto secure servers or using password protection. If any of these protections isn’t already in place then it should be considered urgently. Even if they are, trustees should ask whether processes are sufficiently robust.

One area that is still being considered is the receipt of original documents such as death certificates. Whilst many administrators are operating a skeleton staff to deal with post, there will be many cases where individuals cannot get to a post office to send the original, for example if they are self-isolating. Trustees will need to consider how to deal with such documents, balancing the safety of administrators and members with the need to reduce the risk of fraud. Another area where practice is still emerging is electronic signatures, which are not yet universally accepted.

When we emerge from COVID-19, it’s likely the world will feel a very different place. We can hope that the lessons learned during these strange few months will have focused our attention on ensuring that remote working is, nevertheless, secure working.

Notes/Sources

This article was featured in Pensions Aspects magazine May 2020 edition.

back to Pensions Aspects Magazine

Last update: 19 January 2021

Jane Beverley
Jane Beverley
Law Debenture
Trustee Director

Senior Secretary to Trustees and Client Manager

Salary: £65000 - £75000 pa

Location: London

Pensions Administrator

Salary: £20000 - £30000 pa

Location: London, Berkshire or Greater Manchester or Scotland office with hybrid working

Associate Consultant/ Senior Pensions Administrator

Salary: £30000 - £45000 pa

Location: Hampshire/Hybrid Working 2-3 days in office

You may also like:

Pensions Aspect Magazine April 2024
04 April 2024

Pensions Aspect Magazine April 2024

Examining the three ‘P’s: Pensions, Policy and Politics.

Find out More
Pensions Aspect Magazine February 2024
02 February 2024

Pensions Aspect Magazine February 2024

Navigating the landscape of trusteeship

Find out More