Pensions - Articles - Schemes risk missing data complaint rules before deadline


With one month to go until the 19 June deadline, ZEDRA, is urging pension schemes to ensure they are compliant with new statutory requirements governing the handling of member data complaints.

The changes arise under the Data (Use and Access) Act 2025 (DUAA), which applies to all organisations acting as data controllers, including pension scheme trustees, and introduces new requirements around the handling of data protection complaints from members.

Under the new regime, schemes must ensure members are able to raise data protection complaints directly, that complaints are acknowledged within 30 days, and that they are handled appropriately and without undue delay. *

Lauren Shipman, Trustee Executive, at ZEDRA Inside Pensions said: “For many pension schemes, the work required to comply is relatively modest, typically involving updates to existing complaints procedures, privacy notices and governance documentation. However, there is concern that the changes may have gone under the radar for some schemes amid wider regulatory pressures and competing governance priorities, and that some may need to establish new documented complaints-handling processes. And although modest, this is important governance work that trustees cannot afford to overlook.

“In instances where schemes have outsourced administration to third-party providers it’s important to be satisfied that compliance is being appropriately managed. Ultimately, accountability rests with trustees, and this can create potential governance and oversight risks where responsibilities, procedures and reporting lines have not been clearly reviewed. Trustees should seek confirmation from their administrators, where applicable, on what changes have been made and whether governance arrangements remain compliant. If these issues are not addressed, it could increase the risk of complaints escalating to the Information Commissioner’s Office (ICO), the Pensions Ombudsman, or broader governance scrutiny.”

Shipman added: “If complaints emerge later and trustees cannot evidence proper procedures, it could quickly open a can of worms from a governance and reputational perspective. With that in mind, trustees should now be using the remaining time before the rules take effect to review existing data complaints procedures, ensure member-facing privacy notices and governance documentation are updated where necessary, and confirm responsibilities with third-party administrators and processors.”

Back to Index


Similar News to this Story

Pensions Commission findings buck received wisdom of success
The Pensions Commission has today published its interim report on the state of retirement saving in the UK, setting out the key challenges facing the
Hard Rain: Building climate resilience before the storm
Pension Insurance Corporation plc ('PIC'), has warned that parts of England could risk becoming unviable for future infrastructure and housi
Schemes risk missing data complaint rules before deadline
With one month to go until the 19 June deadline, ZEDRA, is urging pension schemes to ensure they are compliant with new statutory requirements governi

Site Search

Exact   Any  

Latest Actuarial Jobs

Actuarial Login

Email
Password
 Jobseeker    Client
Reminder Logon

APA Sponsors

Actuarial Jobs & News Feeds

Jobs RSS News RSS

WikiActuary

Be the first to contribute to our definitive actuarial reference forum. Built by actuaries for actuaries.