Getting ready for the GDPR – Governance and contractual requirements


Introduction

This checklist, the second in our series, sets out key questions and actions that trustees of occupational pension schemes should be addressing now in order to help ensure that their governance and contractual requirements (and those of their providers and advisers) are up to GDPR scratch. It may also be of use to employers and in-house teams holding scheme membership data.

In this edition, we cover the following:

  • Key governance obligations
  • DPOs and DPIAs
  • Trustees’ policies and procedures
  • Contractual requirements between data controllers
  • Contractual requirements between data controllers and processors
  • Summary