“PSGS was chosen because of their knowledge of the subject and awareness of our particular schemes.”
“Thanks for all your help!”
“I wanted to look at the effectiveness of our trustee board, so Gillian, our PSGS scheme secretary, provided their trustee self-assessment tool to help me gather thoughts and opinions from others on the board. The tool was extremely easy to use and asked all the right questions to help me collect the information I needed as Trustee Chair. It is a great example of the way PSGS shares knowledge with their clients and makes dealing with key governance issues easy. As well as enabling me to meet one of the Regulator’s 21st century trusteeship requirements, using the tool has flagged trustee training needs and ways we could improve trustee meetings further. ”
“They are very proactive and full of new ideas, they've brought better scheduling and better minute sets.”
“PSGS offered the right support at very short notice, at reasonable cost, when we really needed it”
“In any major corporate transaction, time is of the essence. PSGS's pragmatic commercial approach helped us manage the pensions aspects of our group re-structure to ensure a positive outcome for all parties. ”
I’m sorry to bring back the agonies of this time last year, but as pension trustee secretary I’ve started the first review of my clients’ GDPR policies. These are due to be completed within the next few weeks and, so far, I’ve found a couple of changes that I have recommended to my clients.
Over the top actions aren’t needed
The first change is to tweak the wording around breaches so we could avoid a full-blown crisis meeting when in fact the breach was very minor and it was a no-brainer that no report to the Information Commissioner’s Office (ICO) was needed.
Fortunately, I haven’t experienced any major breaches during the year (touch wood that continues) but I have found administrators are rightly reporting every minor breach. When a breach is obviously minor and only involves one or two individuals, it is clearly disproportionate to lodge a report or indeed to involve the full pension trustee board in reaching this decision. One of my clients agreed to amend their policy so, in such cases:
Talking of no-brainers…
The second change relates to the ICO’s recommendation for data controllers to complete a three part test when they rely on legitimate interests as their grounds for data processing (see: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/). This isn’t a GDPR requirement and so isn’t essential, but it is seen as best practice. Frankly, when dealing with pension schemes, the responses to the ICO’s list of questions show it is a no-brainer that processing data is in the members’ best interests.
I drew up a note to record the trustee’s responses to the test and its conclusion. A simple way to deal with something you could find pension administrators or lawyers over-complicate.
Although GDPR may still feel like a fresh wound, this is a good time to check everything remains fit for purpose.