In a nutshell, GDPR will change how businesses handle their customers’ personal information. It will also give customers more say over how their data’s used and stored.
Here are some of the things you need to consider as part of your GDPR requirements:
We’ve pulled together experts from across the Royal London Group and created a Data Governance project team to tackle the GDPR changes.
We’ve updated our privacy notice to explain:
Customers can read our privacy notice by visiting royallondon.com/privacynotice.
We take our data protection responsibilities very seriously. We always handle personal information with great care and only use it when we have a clearly identified legal basis.
When dealing with trustees and non-auto enrolment schemes, Royal London is the independent data controller. The agreement we have, allows us to decide what data we need to administer schemes and how we use the personal information we collect.
A data processing or any other legal agreement between us isn’t needed. This is because we’re not processing information under your instruction (as a data processor) or agreeing what data is collected and how it’s used together (as joint data controllers).
Our privacy notice explains more about how we collect, store and use your employees’ personal information.
GDPR applies to ‘data controllers’ and ‘data processors’. The diagram below explains the difference between ‘data controllers’ and ‘data processors’ and our responsibilities under both roles:
The data controller determines the means and purpose of processing personal information. They can use a data processor to provide expertise, but the data controller has the final say in what happens with this personal information.
The data processor is responsible for using personal information in line with instructions from the data controller.
When Royal London receives your auto enrolment workforce assessment data they become the data processor.
Once your employees are scheme members, Royal London then becomes the data controller.
We’re responsible for deciding why and how personal information is used. This makes us the data controller.
You're the data controller for the information you share with us. You're also the data controller for the information we share with you to help run your workplace pensions - for example when we tell you about:
For more information about GDPR and a full list of your responsibilities, please go to ico.org.uk.