Pension trustees hold a large amount of member personal data and have legal obligations as data controllers. New significant changes to data protection legislation will impact trustees and members.

Pension trustees have until 25 May 2018 to get ready to comply with the General Data Protection Regulation (GDPR). This will replace existing data protection legislation across Europe. The GDPR brings in new rights for individuals and places more onerous obligations on pension trustees in relation to their handling of personal data. The GDPR also brings in significantly increased sanctions for data protection breaches, with potential fines up to up €20 million or 4% of global turnover.