From 25 May 2018 the EU General Data Protection Regulation (GDPR) introduces new legislation governing the collection, use, and processing of personal data. While many of the provisions remain the same as the existing Data Protection Act, “new elements and significant enhancements” will impose new responsibilities on schemes by granting a number of additional rights to data subjects.
Each Fire Authority is considered to be a Data Controller for pension scheme data and as such determines how, and for what purposes, data is to be processed. This page holds a collection of resources intended to provide guidance and assist FRAs in complying with the new rules.
|Preparing for the General Data Protection Regulation (GDPR) 12 steps to take now (PDF, 11 pages, 539kb)||Information Commissioner's Office (ICO) checklist highlighting 12 steps you can take now to prepare for the GDPR|
|PLSA GDPR made simple guide (PDF, 24 pages, 1,190kb)||Guide from the Pensions and Lifetime Savings Association|
|GDPR for Fire Authorities - ITM Bulletin (PDF, 3 pages, 611kb)||Bulletin summarising the main changes introduced by the GDPR and practical steps for Fire Authorities to take now|
|Meeting GDPR and TPR Data Requirements (PDF, 109 pages, 5,680kb)||Presentation slides from the event held at 18 Smith Square on 29 March 2018|
|GDPR FAQs factsheet (PDF, 3 pages, 171kb)||FAQ document for members of the Firefighters' Pension Schemes|
|GAD update 24 April 2018 (PDF, 3 pages, 195kb)||An overview of GAD’s readiness for GDPR|
|Template privacy notice (Word, 8 pages, 57kb)||Template privacy notice for FRAs as Data Controllers to use/ adapt|
|Privacy notice covering letter (PDF, 7 pages, 331kb)||Notes on use/ adaptation of the template privacy notice|
|GAD update 23 May 2018 (PDF, 2 pages, 186kb)||A final update regarding GAD and the GDPR which comes into force this week|
|HMRC Privacy Notice (HTML)||Privacy notice describing how HMRC collect and use personal information in accordance with data protection law|
|ICO detailed guidance on Right of Access (HTML)||At the end of October the Information Commissioner’s Office (ICO) issued a new statutory code of practice on data subject access requests (DSARs).|
For more information about GDPR, please visit the ICO Guide to the GDPR.