Data protection

These pages are for employer use only. Member information can be found on the home page.

New standards of data protection came into force on 25 May 2018. These were called the General Data Protection Regulations (GDPR). GDPR modernised the existing Data Protection Act (now Data Protection Act 2018) to ensure an individual’s personal data is held and processed in a way that's safe and secure.

As the administering authority, and data controller, we've taken steps to make sure we are compliant with the GDPR when processing personal data. It's also important that we comply with our legal obligations.

The reason we hold information is so we can contact members, work out and pay their benefits, manage our liabilities and administer the fund generally.

As part of the process we've introduced a memorandum of understanding. The aim of this document is to explain that scheme employers don't need a data sharing agreement to share data with us. This is because both we are both considered to be data controllers under GDPR.

It's important that you read the memorandum of understanding and make sure you're compliant with it.

You may also wish to read our privacy notices (either in full or summary). The aim of these documents is to set out our responsibilities and obligations when handling and processing member/stakeholder personal data.

The notices also include what information we hold, who it is shared with and what rights the members have in relation to accessing the data.