Data Protection
As both the Fund and the employers hold large amounts of personal data, it is important to ensure that the data is protected, particularly when it is being sent between employers and the Fund. This is not just in the interests of members, but is also necessary to be compliant with Data Protection legislation. The Fund's approach to Data Protection is set out in its Data Protection Policy.
The two most common ways for transporting data between employers and the Fund are:
a). i-Connect: For employers which have onboarded & use personal logins; and
b). Email (with password protection, if necessary, for personal data).
Sufficient security should be ensured when sending personal data over email. Normally, this will mean ensuring that personal data is contained within a password protected attachment and only sent between the employer's authorised contacts and the Fund's officers. However, if the employer uses a 'white-listed' email address which has security compatibility with the 'gov.uk' email addresses used by the Fund, then it may be possible to send the personal data without password protection. To avoid the normal difficulties with passwords being lost or not exchanged, the Fund has set up a process whereby it determines the password for each employer to use for all correspondence. The password will periodically be updated. For efficiency purposes, please adhere to this approach.
Pension Administration Strategy & Memorandum of Understanding (MOU)
The Fund has produced an Administration Strategy and employers are encouraged to familiarize themselves with this important area to ensure that they are clear what personal data they need to provide and when and how they should provide it.
Since the General Data Protection Regulations (GDPR) came into force, the Fund has also sought to enter into a MOU with all Scheme Employers for the following key purposes:
a). To detail the basis on which data will be shared between the Fund and the employer;
b). To outline the Fund's expectation of the Scheme Employer during their participation in the Fund; and
c). To state that it considers the Fund and each Employer to be Joint Data Controllers (as defined under GDPR).
Generally speaking, the Fund and its employers need to exchange relevant personal data in order to administer the Scheme in accordance with the prevailing LGPS regulations and other relevant pension legislation and consequently such exchanges of data will not need explicit consent from the member.
Employers who act in accordance with the Administration Strategy and the WPF Memorandum of understanding (Word doc, 32 KB) will be ensuring that they are compliant with all relevant legislation.
We require employers' acknowledgement that they support and follow the information set out in our WPF Memorandum of understanding (Word doc, 32 KB).
Data Retention
Due to the long time frames involved in administering a member's pension, the Fund typically needs to hold personal data for significant periods of time.
The Fund's strategy is to recommend to employers that they retain data for their members for up to a maximum of 28 years (or 15 years after an employee has left).
Employers are required to provide the Fund with their data retention policy by emailing Richard Bullen, Fund Performance & Governance Manager, via richard.bullen@wiltshire.gov.uk.
If you do not currently have a data retention policy, you can download and complete the generic Employer data retention policy template (Word doc, 26 KB).