Agenda item

Pensions Administration Data Report

(To receive a report and presentation by Yunus Gajra, Business Development Manager from West Yorkshire Pension Fund, on the data cleansing activity undertaken as the Fund's administrator and the common data requirements of the Pensions Regulator)

Minutes:

The Board considered a report by Yunus Gajra (Business Development Manager, West Yorkshire Pension Fund) which presented the data cleansing activity undertaken by West Yorkshire Pension Fund, as the Fund's administrator, including the common data requirements of the Pensions Regulator.

 

Mr Gajra introduced the report and gave a presentation on General Data Protection Regulations (GDPR) highlighting the following areas:-

·       What is it?

·       BREXIT – does GDPR still apply?

·       Data Protection Roles – Information Commissioner; Data Controller; Data Processor; and Data Subject;

·       Data Protection Principles;

·       Individual Rights – to be informed; of access; to rectification; to erasure; to restrict processing; to data portability; to object; in relation to automated decision making and profiling;

·       Changes under GDPR – breach notification; right of access (SARs); right to be forgotten; data portability; compliance by design (major change); inclusion of data protection from the outset of designing systems, policies and procedures including Privacy Impact Assessments (PIAs); and Data Protection Officer;

·       Changes under GDPR – Privacy Impact Assessments (PIA); Privacy Statement; Fair Processing Notice; Consent; Children's data and Overseas members;

·       Sanctions for Non-Compliance – a warning in writing in cases of first and non-intentional non-compliance; regular periodic data protection audits; a fine of up to 20m or up to 4% of the annual worldwide turnover of the preceding financial year, whichever is greater. It was noted that LCC would be responsible for the fine as the Data Controller;

·       What are we doing? – map out where data is gathered, held and processed; undertake Privacy Impact Assessments; Staff Briefings; Collaboration with other pension funds; Collaboration with CBMDC Information Governance team; Educating employers (AGM/Forum); Data Cleanse review; Contract/Data Sharing Review; Working with Civica;

·       Questions?

 

During discussion, the following points were noted:-

·       The Board indicated concern at the huge exercise involved in gathering the required information due to the new regulations;

·       It was reported that implied consent was no longer possible and forms would be sent to all existing members asking them to give written consent to use personal information.  The Board was asked to note that this may impact on the administration costs of the fund;

·       There were in the region of 3400 leavers' forms outstanding from LCC and, as a result, WYPF did not have up-to-date information for those people;

·       Common data and conditional data testing were undertaken by WYPF internally and it was confirmed that there were 12,000 cases which did not satisfy the requirements and for which an external bureau would be engaged;

·       Both common data and conditional data for Lincolnshire had been satisfied with the exception of the leaver data previously reported;

·       It was suggested that the Pensions Regulator be made aware of the outstanding information and it was explained that as this was a small percentage of the full membership this was unnecessary.  The Pensions Regulator recognised the complexities of public sector funds;

·       Although the new regulations were accepted from the perspective of the individual, Pension Funds were in a difficult position as records had to be kept, in some cases, for decades to ensure payment could be made or to answer any member queries;

·       Should a member "request to be forgotten", the implications of doing so would be explained to them, including the inability to make future pension payments.

 

RESOLVED

 

          That the Pensions Administration Data report and presentation in relation to General Data Protection Regulations (GDPR) be noted.

At 11.30am, the Chairman adjourned the meeting for a comfort break.

 

At 11.35am, the meeting was reconvened.

 
