A quarter of pension schemes at risk of GDPR non-compliance
Three quarters of pension schemes are confident they will be ready for the new General Data Protection Regulation rules in May, but the remaining quarter believe they won’t meet the deadline meaning they risk breaching compliance rules, according to financial data specialist ITM.
GDPR is a major overhaul of how all businesses process and handle data, and sanctions for breaching GDPR will be much heavier than under the previous Data Protection Act.
While 75% of pension schemes said planning and preparations for GDPR is well underway, eight out of ten are either unsure or not planning to take any action at all to organise independent assessment to gauge the adequacy of their GDPR measures.
The cost of GDPR was also highlighted as an area of uncertainty for just under half (48%) of respondents, who revealed that they had no idea what implementing the new rules would ultimately cost their scheme. 42% said they expected it to cost up to £25,000.
It appears that the burden of GDPR processes is being taken on by pension scheme administrators, with 71% of respondents using their administrator to maintain a ‘record of processing activities’ and 67% to help update procedures in accordance with GDPR, such as subject access requests. Implementing data breach response plans (62%) and updating member communications (57%) were also typically cited as areas where administrators are stepping in to help with GDPR.
ITM Executive Chairman, Duncan Howorth, said: “We had previously been concerned about a general lack of readiness for GDPR amongst pension schemes, which is understandable given the near constant state of change that pension schemes are faced with in the world of pensions. So, on the one hand, it’s really positive to see that confidence is high about the ability to meet the May 2018 deadline. But the level of certainty around both cost and a lack of independent assessment still have the potential to raise issues further down the line.
“Both the implementation and maintenance of many GDPR processes will be complex and therefore demanding on time, which in itself makes it crucial for pension schemes to get a much clearer idea of the cost impact. And perhaps even more importantly, these demands highlight the need for independent assessment of GDPR processes, to ensure that valuable time is not being spent incorrectly and that unnecessary costs - and even significant penalties – are avoided further down the line.”
Breaking news
Direct to your inbox:
More
stories
you'll love:
This week's biggest stories:
This week's biggest stories:
Buy-to-let
The Mortgage Works launches sub-3% buy-to-let rates
Bank Of England
Bank of England cuts interest rates by 0.25% in three-way vote
Tax
HMRC rule change set to impact millions of landlords and sole traders
Skipton
Skipton launches Delayed Start mortgage with no repayments for three months
Barclays
Barclays launches lowest mortgage rate of the year in latest round of cuts
FCA
One in four people have low financial resilience: FCA
