Legal Landscape

From 25 May 2018 the EU General Data Protection Regulation (GDPR) introduces new legislation governing the collection, use, and processing of personal data. While many of the provisions remain the same as the existing Data Protection Act, “new elements and significant enhancements” will impose new responsibilities on schemes by granting a number of additional rights to data subjects.

Each Fire Authority is considered to be a Data Controller for pension scheme data and as such determines how, and for what purposes, data is to be processed. This page holds a collection of resources intended to provide guidance and assist FRAs in complying with the new rules.

Document Description
Preparing for the General Data Protection Regulation (GDPR) 12 steps to take now (PDF, 11 pages, 539kb) Information Commissioner's Office (ICO) checklist highlighting 12 steps you can take now to prepare for the GDPR
PLSA GDPR made simple guide (PDF, 24 pages, 1,190kb) Guide from the Pensions and Lifetime Savings Association
GDPR for Fire Authorities - ITM Bulletin (PDF, 3 pages, 611kb) Bulletin summarising the main changes introduced by the GDPR and practical steps for Fire Authorities to take now
Meeting GDPR and TPR Data Requirements (PDF, 109 pages, 5,680kb) Presentation slides from the event held at 18 Smith Square on 29 March 2018
GDPR FAQs factsheet (PDF, 3 pages, 171kb) FAQ document for members of the Firefighters' Pension Schemes
GAD update 24 April 2018 (PDF, 3 pages, 195kb) An overview of GAD’s readiness for GDPR
Template privacy notice (Word, 8 pages, 57kb) Template privacy notice for FRAs as Data Controllers to use/ adapt 
Privacy notice covering letter (PDF, 7 pages, 331kb) Notes on use/ adaptation of the template privacy notice 
GAD update 23 May 2018 (PDF, 2 pages, 186kb) A final update regarding GAD and the GDPR which comes into force this week
HMRC Privacy Notice (HTML) Privacy notice describing how HMRC collect and use personal information in accordance with data protection law 
ICO detailed guidance on Right of Access (HTML) At the end of October the Information Commissioner’s Office (ICO) issued a new statutory code of practice on data subject access requests (DSARs).


For more information about GDPR, please visit the ICO Guide to the GDPR.