From 25 May 2018 the EU General Data Protection Regulation (GDPR) introduces new legislation governing the collection, use, and processing of personal data. While many of the provisions remain the same as the existing Data Protection Act, “new elements and significant enhancements” will impose new responsibilities on schemes by granting a number of additional rights to data subjects.

Each Fire Authority is considered to be a Data Controller for pension scheme data and as such determines how, and for what purposes, data is to be processed. This page holds a collection of resources intended to provide guidance and assist FRAs in complying with the new rules.

Document

Description

Preparing for the General Data Protection Regulation (GDPR) 12 steps to take now (PDF, 11 pages, 539kb) Information Commissioner's Office (ICO) checklist highlighting 12 steps you can take now to prepare for the GDPR
PLSA GDPR made simple guide (PDF, 24 pages, 1,190kb) Guide from the Pensions and Lifetime Savings Association
GDPR for Fire Authorities - ITM Bulletin (PDF, 3 pages, 611kb) Bulletin summarising the main changes introduced by the GDPR and practical steps for Fire Authorities to take now
Meeting GDPR and TPR Data Requirements (PDF, 109 pages, 5,680kb) Presentation slides from the event held at 18 Smith Square on 29 March 2018
GDPR FAQs factsheet (PDF, 3 pages, 171kb) FAQ document for members of the Firefighters' Pension Schemes
GAD update 24 April 2018 (PDF, 3 pages, 195kb) An overview of GAD’s readiness for GDPR
Template privacy notice (Word, 8 pages, 57kb) Template privacy notice for FRAs as Data Controllers to use/ adapt - NEW!!
Privacy notice covering letter (PDF, 7 pages, 331kb) Notes on use/ adaptation of the template privacy notice - NEW!!
GAD update 23 May 2018 (PDF, 2 pages, 186kb) A final update regarding GAD and the GDPR which comes into force this week
HMRC Privacy Notice (HTML) Privacy notice describing how HMRC collect and use personal information in accordance with data protection law 

 

For more information about GDPR, please visit the Information Commissioner's Office (ICO) Guide to the GDPR.