Client feedback

I work with Wayne and Kirsty. They really understand our business - they work with the company while retaining independence and ensuring compliance. They are a joy and pleasure to work with.
Neil McCawley ,
Ferguson plc
Very broad, comprehensive trustee training course covering a wide range of topics. Excellent!
Tom Graham,
Star Group Pension Scheme
The trustee training course lecturers' explanations and willingness to answer questions were most valuable - even silly ones - although I have learnt there are no 'silly questions' that trustees should ask.
I found the trustee training really beneficial, highly recommended. I am not a trustee, I represent the employer and I think it will be valuable for me in future, having a better understanding of the trustees' perspective.
Dave Strain,
Royal Yachting Association
Many organisations and people provide the services that clients need. In my opinion, the differentiator is in the way those services are provided and to that extent, Kathy embodies the qualities that I have come to value from PSITL. Kathy is organised but not fussy; diligent but not dogmatic; persistent without being pushy and compliant in a pragmatic way. Whilst she takes ownership and drives issues forward, Kathy is a team player who uses her and her colleagues experience to provide services to her trustee client whilst working closely with those like me representing the sponsoring employer. She works collaboratively with advisers but constructively challenges the scope of services, fees and service standards whenever necessary and makes sure that member needs are always taken into account. I enjoy working with her and trust that she will deliver what is required by the trustee and the members they represent in a manner satisfactory to the sponsoring employer.
Stuart Barker,
Internal Pensions Consultant, RSPCA
Mark Fletcher - excellent independent trustee, personality and high standards.
Sukhjit Dhillon ,

Data sharing: a code of practice

The data sharing code of practice laid before parliament in May 2021 is now in force. The code is a practical guide on sharing data lawfully and in a fair, simple, transparent way. All pension trustees as data controllers, whether lay or professional, need to be aware of the new code and requirements when sharing data to or from third parties. Read on for everything trustees need to know…

What data can be shared under the code?

The code covers the sharing of personal data between organisations that are data controllers. The code does not cover sharing data with data processors, as they have their own duties to comply with.

For pension trustees, it is normal practice to share personal member data with joint data controllers such as the employer/sponsor and scheme actuary, subject to having data sharing agreements in place. The code sets out the requirements of sharing data with a third party by whatever means including transmission, dissemination or otherwise making it available. The scope of the code is wide and could easily catch trustees out.

A one-way or reciprocal exchange of data between organisations is caught by the code, whether this is a one-off exchange or a routine exchange carried out on a regular basis. However, the code only applies to sharing personal data. If the data being shared does not identify anyone (e.g. membership statistics only) then it is not covered by the code. However, care needs to be taken when personal data is anonymised or pseudonymised prior to being shared. This is still likely to be caught by the code if an individual can be identified when combined with other data.

Things pension trustees should consider before sharing data:

  • Does it comply with data protection law?

  • Have you assessed the risks of sharing the data by undertaking an impact assessment? (DPIA)

  • Have you put in place a data sharing agreement?

As a trustee, have you followed the key principles of data protection prior to sharing data?

  • Accountability - data controllers are responsible for compliance - can you demonstrate this?

  • Fairness and transparency - is the data being shared in this way?

  • Lawful basis - what is the legal justification for transferring the data?

  • Secure processing - personal data must be processed securely - do you have appropriate technical and organisational measures in place to achieve this?

  • Due diligence - have you checked how the receiving organisation secures the personal member data it receives and what organisational measures they have in place? This is particularly important when transferring data overseas.

    If in doubt, don’t risk it

    As professional trustees, we are increasingly vigilant about the data we share with other organisations and fully support the code. The key question to ask is “is it necessary to share personal member data?”. Often, the answer is no. But, if the answer is yes, you need to ask “how can I do so securely, proportionately and in compliance with the code and the Data Protection Act 2018?”.

    The risk of non-compliance to member security is huge, as is the potential for reputational damage and financial penalties in the event of a data breach. Summed up, pension trustees should remind themselves “if in doubt, don’t risk it”.



    Back to opinions


Hot topics

Preparing for battle - ’governancing up’ for current conditions…
Image of Hot Topic author Sophia Harrison, Client Director

It’s finally happened. Around 20 years since the dawn of liability driven investment (LDI), the...

Read more »

What can pension schemes do to improve their investment strategy? A focus on real assets
Image of Hot Topic author James Double, Chief Operating Officer

I recently took part in a webinar with Owen Haggith-Khonje, Managing Director from SEI...

Read more »

More opinions »

Call: 0118 207 2900

online enquiry