
Ten point checklist to beat the clock for GDPR countdown


Ahead of the General Data Protection Regulations (GDPR), here is a checklist to help trustees and employees fully understand the responsibilities that will be expected of them from 25 May. Contributor Claire Carey, Partner – Sackers.

The GDPR will introduce new contractual obligations, increase the information that needs to be given to individuals, and enhance reporting obligations in the event of a breach – with Minister of State for Digital, Matt Hancock, saying its aim is to give the UK “one of the most robust, yet dynamic sets of data laws in the world”. Non-compliance could be met with heavy sanctions of up to £17 million or 4% of global turnover, so it’s essential that trustees can show they have taken all reasonable measures to get it right.

Sackers GDPR Checklist:

Audit your personal data
Under the GDPR, “personal data” is any information (whether opinion or facts) relating to an identified or identifiable living individual. As the ultimate responsibility for member personal data rests with the pension scheme’s trustees, they are “data controllers” for this purpose. Trustees therefore need to make sure they know what personal data they hold, why they hold it, who else has access to it, how long it has been held, and whether it is still needed.

What grounds do you have for processing personal data?
For the processing of non-sensitive personal data to be lawful, at least one of six conditions must be met. Trustees therefore need to decide the basis (or legal grounds) on which they process scheme member personal data. Where consent is used as a basis for processing members’ personal data (e.g. where sensitive personal data is being processed), the procedures for obtaining consent should be reviewed and updated.

Update your contracts
Trustees will need to have a binding contract in place with any data processor whose services they engage, which will need to address a number of key points, including the subject matter and duration of the processing, the nature and purpose of the processing, the types of personal data involved, and the categories of individuals on whom it is held.

Communicate with members
The GDPR will introduce additional requirements affecting the provision of information to members. Trustees will need to issue revised information notices (also known as privacy notices). Where trustees are joint data controllers, for example with the scheme actuary, the trustees may wish to prepare a joint privacy notice.

Do members know their rights?
Trustees need to tell members how their personal data is processed and ensure that members are fully aware of their rights in relation to the personal data that is held, such as the right to be forgotten and to have inaccurate personal data corrected. Trustees should ensure that their processes (and those of their advisers) are ready to deal with data requests from members.

Review your policy
The trustees’ data protection policy will be the main document for recording how they look after personal data in relation to their scheme, reflecting key decisions taken and procedures put in place to meet GDPR requirements. The content and structure will vary, but should aim to cover certain points as a minimum in line with record keeping requirements.

Do you need a data protection officer?
Both data controllers and processors will need to appoint a data protection officer (“DPO”) in certain circumstances, such as where their core activities involve ‘regular and systematic monitoring of data subjects on a large scale’, or consist of large scale processing of sensitive personal data. Whilst it’s unlikely that occupational scheme trustees will need to appoint a DPO, all schemes should assess whether they need one with input from their legal advisers and document their conclusions.

Understand your role
Key to GDPR compliance is ensuring you understand what is required under the new rules. Talk to your legal advisers about how they can help.

Be ready to demonstrate compliance
A new principle of accountability requires data controllers to be responsible for, and demonstrate compliance with, the data protection principles. Trustees should become familiar with the steps needed to fulfil their obligations.

How well protected are you?
Trustees should check what protections may be available to them in the event of any regulatory fines from the ICO or compensation claims from individuals arising from a data protection breach. As not all trustee insurance policies will cover such claims, it is important trustees check with their legal advisers the extent of any cover.

 
