Trustees that avoid putting in place plans around GDPR breaches could be putting "member data at risk”, it has been said.

Pension administration specialist Trafalgar House has warned that trustees must have a response plan to deal with any data breaches, with few schemes having begun work on them.

The warning comes two months on from the implementation of GDPR, which has so far been “somewhat anticlimactic”, the group has said.

Trafalgar House director, Daniel Taylor, commented: “Its real value can already be seen, as it encourages more trustees to feel genuinely accountable for data for the first time. Crucially though, increased action must go hand in hand and response plans are far more important for members than general GDPR policy - but few schemes have actually begun work on them, because they often simply don’t know where to start.

“Like so much around GDPR, data breach response plans can be overcomplicated, so for many trustees it’s about breaking things down into distinct actions.”

Taylor recommends simple steps such as creating a definition around what a breach is; a framework to decide what needs to be escalated and when; strategies for containing breaches; a strong communication plan and details around how to the record breaches.

“Trustees cannot avoid putting these plans off - as with most things, delay makes the process no easier and could even put member data at risk. Data breach response plans needn’t be cumbersome, but they can involve complex processes and difficult decisions, so trustees would be naive to think it is something that can be done in the spur of the moment, ” Taylor added.

In May, a PLT survey found that just 4 per cent of defined benefit trustees highlighted GDPR compliance as their main worry.

Share Story: