EU Pensions and GDPR – 12 Month Countdown Begins! General Data Protection Regulation
Wednesday, May 24, 2017
Euros, EU Pensions and GDPR – 12 Month Countdown Begins! General Data Protection Regulation
Print Mail Download i

The European Union General Data Protection Regulation (GDPR) comes into force on 25 May 2018.  Before that date, trustees of UK occupational pension plans will need to undertake some preparatory work, including:

  • Creating records of all personal data processing activities (or confirming delegation to plan administrators and obtaining confirmation that they will do this) and ensuring administration agreements reflect who is doing what,

  • Reviewing and amending agreements with other third parties,

  • If data is transferred outside of the EEA, putting in place international data transfer mechanisms,

  • Reviewing data security measures (see below),

  • Putting in place procedures for new individual rights,

  • Reviewing and amending privacy notices,

  • Assessing whether there is any ‘high risk’ use of personal data and

  • Formally adopting and rolling out new policies and procedures.

There are some obvious and less obvious pitfalls to consider here.  For example, if a trustee is on holiday outside of the EEA and picks up emails containing personal data whilst away, that will constitute transferring data outside of the EEA.

The recent global cyber attack has thrown into sharp focus the need for trustees to ensure the robustness of cyber security measures put in place by their data processors. As Investment & Pensions Europe report, there has also been a recent instance of a Belgian pension fund being subject to a cyber attack – Ogeo hack.

Where trustees access emails and documents containing personal data through their own home computers and/or personal mobile devices, there are some key issues about how this is managed:

  • Do all trustees use up to date malware protection?

  • Do the trustees have rules around the encryption of personal data?

  • Do the trustees have a formal policy covering cyber security risks or do they document a policy in a business continuity plan or risk register?

  • Is there a nominated trustee, who is specifically responsible for cyber security?

  • Has the trustee board had any training on cyber security in the past 12 months?

  • Do service level agreements require the trustees’ providers to adhere to specific cyber security standards?

  • Do the trustees have a cyber security incident plan in place?

  • Do the trustees have insurance in place that would cover a cyber security breach or attack?

  • Do the trustees use a segregated wireless network with firewalls?

© Copyright 2024 Squire Patton Boggs (US) LLP

Current Legal Analysis

More from Squire Patton Boggs (US) LLP

California Privacy Regulator Holds Townhall Sessions on Draft Rules
by: Alan L. Friel
Belgium – the Double or Triple Whammy of Employment Protection Indemnities
by: Marga Caproni
Relying on CAFA’s Discretionary “Home-State” Exception, Federal Court Punts Data Breach Class Action Back to State Court
by: Amy Brown Doolittle , Katherine A. Spicer
Subchapter V Debt Limit: Don’t Get Caught Assuming Congress Will Act (It Probably Will…But Still) (US)
by: Kelly E. Singer
FTC Bans Non-Competes Throughout the United States – Legal Challenges Already Filed (US)
by: Paul Erian
Workplace Harassment in Germany: Questions Over Compensation
by: Anna-Maria Hesse
When the EDPB is Weaponized, It Is Our Privacy That Is at Risk
by: Charles-Albert Helleputte
The Ohio Supreme Court Updates its Writing Manual
by: Appellate & Supreme Court Group Squire Patton Boggs
The General Code in Bite-Sized Chunks ­– Proportionality is the Special Ingredient
by: Matthew Giles
Relying on CAFA's Discretionary "Home-State" Exception, Federal Court Punts Data Breach Class Action Back to State Court
by: Amy Brown Doolittle , Katherine A. Spicer

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins