Over the last year there have been a number of important data protection developments, including: Brexit, Schrems II and new draft standard contractual clauses for international data transfers. These developments have an impact on pension schemes since trustees, as data controllers, are under a legal obligation to ensure the secure transfer and processing of personal data. Members’ personal data is transferred to third parties in a variety of contexts, such as processors, sponsoring employers or a parent company. Third parties may then transfer data onwards, i.e. to sub-processors. Therefore, data processing agreements and the mechanisms used for transfers to third parties should be reviewed by trustees to ensure compliance with applicable data protection legislation in light of the developments outlined above.
You can read the full legal update here >>