GDPR (the General Data Protection Regulation) is an EU data protection regulation, applicable across the EU on 25 May 2018.
The UK Data Protection Bill is different to the GDPR. This will fill the gaps and permitted derogations in the GDPR such as covering data processing in law enforcement and the intelligence services. The UK Data Protection Bill will also attempt to ensure that on leaving the EU, the UK has adequate data protection provisions. This does not yet have an implementation date.
What information does GDPR apply to?
The GDPR protects personal data, which is any information from which a data subject can be identified. The GDPR also refers to special categories of personal data.
What are the principles of GDPR?
- Data must be processed lawfully, fairly and in a transparent manner
- Data must be collected for specified, explicit and legitimate purposes
- Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is collected
- Data must be accurate and kept up to date
- Data must be kept for no longer than is necessary
- Data must be processed in a manner that ensures appropriate security
What is NOW: Pensions doing to ensure compliance with GDPR?
NOW: Pensions takes data protection very seriously and as a result, we have an updated programme in place for GDPR.
A new version of our client participation agreement has been released which contains updated data protection provisions covering GDPR. If you are an existing client and have not received an email detailing these changes please visit nowpensions.com/participation-agreement.
There is a Data Protection Notice which contains additional information and can be viewed in your Gateway account.
You can access your Gateway account by following the steps on this page nowpensions.com/your-member-account/
Where can I find further information?
The NOW: Pensions website will be updated as new documents are released.
For further information on GDPR please refer to the Information Commissioner’s Office at ico.org.uk.