There is no certainty if trustees will know they have to comply with forthcoming European Union (EU) data regulations says Robin Ellison.
Speaking at a Pensions Management Institute (PMI) seminar on 5 July, the Pinsent Masons partner (pictured) observed Brexit has created questions around the use of data standards for the sector.
The EU's General Data Protection Regulation (GDPR) which came into force on 24 May 2016 and is meant to apply from 25 May 2018 may longer apply to the UK given it is set to leave the EU in the coming years.
It is meant to create one regulation to protect all data rights of EU citizens across the block.
Ellison said: "We don't know what the new risks are as we are living in uncertain times."
The maximum fine for a company which breaches GDPR is €20m (£17m) or up to 4% of total worldwide annual turnover of the preceding financial year.
The lower-tier fine is €10m or up to 2% of the total worldwide annual turnover of the preceding financial year.
All firms must inform the relevant data authority about a data breach within 72 hours under GDPR.
Under Britain's data protection act the UK's Information Commissioner Office (ICO) can issue a potential fine of up to £500,000.
Ellison added: "The big change is you have to tell the regulator [the ICO] if there has been a data breach. Regulators [across all aspects of financial services] are starting to get intoxicated with fines and costs of doing business are probably going to increase. There is a risk if you are a large company they [ICO] might try to make an example of you."
The knock on effect for trustees and third party administrators could be stark in terms of fines.
"Data is the one area where it does all go wrong. In the past there have been pensions data cases where people have been fined but the fines were manageable. This could change," Ellison continued.
Whether GDPR will apply to the UK remains to be seen but Ellison warned: "The assumption is it is going to bite because even if we leave we will have to have an equivalent [set of data standards] in the UK."
The Pensions Regulator (TPR) has substantially increased the usage of its powers against trustees – posting a sharp rise in the use of formal information gathering powers and High Court production orders during the three months to the end of September....
The Pension Schemes Bill has completed its third reading, crossing its latest hurdle in the House of Commons.
An amendment to the Pensions Schemes Bill which would have seen people given a pre-booked Pension Wise appointment ahead of accessing their retirement savings has been defeated.
Technology platform PensionSync has partnered with quantum employment pioneer My Digital to help contractors and employers manage pensions as more workers do temporary work for multiple firms.
A proposal to ensure savers receive a Pension Wise appointment prior to accessing their retirement pot has received cross-party support in parliament, while Labour seeks net-zero pensions by 2050.