Almost half, 48 per cent, of pension schemes are unaware of how much the implementation of the new GDPR rules will cost them, ITM has found.
According to new research by ITM, three quarters of pension schemes have said they are confident they will be prepared for the tighter rules that are set to come into effect on 25 May 2018. While 48 per cent were unaware of the costs of GDPR, 42 per cent said they expected it to cost up to £25,000.
In addition, the same number, 75 per cent, of pension scheme respondents said that planning and preparations for GDPR is underway. Nonetheless, considering their preparedness for the new regulation, eight out of ten pension schemes said that they are either unsure or not planning to take any action at all to organize independent assessment to understand the adequacy of their GDPR measures.
Regardless of noting a degree of preparedness, just under a quarter, 24 per cent of pension schemes said they believe they either won’t meet the deadline or remain unsure of whether this would be possible.
Furthermore, ITM also noted that administrators are taking a considerable amount of the strain and lead when it comes to GDPR preparations. A total of 71 per cent of respondents are using their administrator to maintain a ‘record of processing activities’ and 67 per cent to help update procedures in accordance with GDPR, such as subject access requests. Others, 62 per cent, used their administrators to implement data breach response plans and 57 per cent to update member communications.
ITM executive chairman Duncan Howorth said: “We had previously been concerned about a general lack of readiness for GDPR amongst pension schemes, which is understandable given the near constant state of change that pension schemes are faced with in the world of pensions. So, on the one hand, it’s really positive to see that confidence is high about the ability to meet the May 2018 deadline. But the level of certainty around both cost and a lack of independent assessment still have the potential to raise issues further down the line.
“Both the implementation and maintenance of many GDPR processes will be complex and therefore demanding on time, which in itself makes it crucial for pension schemes to get a much clearer idea of the cost impact. And perhaps even more importantly, these demands highlight the need for independent assessment of GDPR processes, to ensure that valuable time is not being spent incorrectly and that unnecessary costs - and even significant penalties – are avoided further down the line.”