Brexit is unlikely to water down tougher European Union (EU) data standard requirements for UK trustees, according to a legal expert.
At a Pensions Management Institute (PMI) administration seminar on 20 March, Nabarro partner Kate Richards said it was hard to see there being no data transfers between the UK and EU even though details of the future relationship remain uncertain.
This means trustees and companies with over 250 employees will probably have to follow the EU's General Data Protection Regulation (GDPR) or implement an equivalent system.
It will put more obligations on third-party administrators (TPA) and trustees to protect member data with a maximum fine of €20m (£17m) for a company in breach of GDPR.
Richards said: "Thinking about this long term we will probably still want to have some type of relationship [in terms of trade and commercial ties] with the EU so we will have to implement this or have an equivalent when we handle data of EU citizens.
"There will be distinctly new obligations for trustees to follow such as reporting a material data breach to the relevant regulator in 72 hours and informing members of what has occurred."
When GDPR comes into force, existing contracts between trustees and any administrators which handle data security issues will be "reviewed, reconsidered and expanded", she added.
However, it would be helpful to have some guidance to help the industry grasp how GDPR should be understood in the context of pensions.
"The fine [of 4% of a firm's turnover] needs to be translated in a pensions context," said Richards. "The other aspect is trustees have to get consent from existing members about how they use their data. How are they going to get consent from members for that data and if they cannot get consent, is there a way around this?"
Nabarro partner Lee Gluyas, who also spoke at the seminar, added: "Cyber risk has to be taken seriously and like any risk it can be managed if proper processes are put in place."
The Pensions Regulator (TPR) has substantially increased the usage of its powers against trustees – posting a sharp rise in the use of formal information gathering powers and High Court production orders during the three months to the end of September....
The Pension Schemes Bill has completed its third reading, crossing its latest hurdle in the House of Commons.
An amendment to the Pensions Schemes Bill which would have seen people given a pre-booked Pension Wise appointment ahead of accessing their retirement savings has been defeated.
A proposal to ensure savers receive a Pension Wise appointment prior to accessing their retirement pot has received cross-party support in parliament, while Labour seeks net-zero pensions by 2050.
Pension scams are not just about the money lost, but the lives devastated, says Nicola Parish, so the industry must unite to defeat this scourge.