You are here

The new UK Data Protection Act and the GDPR

Changes in the legislative landscape for the processing of personal data

Twenty years after the first major piece of UK legislation to deal with personal data the UK now has a new focal point for information law: the Data Protection Act (2018).  The Act is the UK’s implementation of the General Data Protection Regulation (GDPR), enshrining it in UK law, clarifying the national derogations and extending data protection laws into areas not covered by the GDPR.  You can find out more about the Data Protection Act via the Information Commissioner's Office (ICO), the information regulator in the UK.

The GDPR brings new rights for individuals and greater responsibilities for organisations that manage personal data.  You can see how the IFoA has responded to these changes via our Privacy Notice and associated policies.  If we process your personal data you can review how we manage your data, how we secure it and how to exercise any of your information rights under the Act.

The principles of the GDPR

There are seven principles under the GDPR:

  • Lawfulness, fairness and transparency: the need to have a lawful basis for processing personal data and to be open with data subjects about how it will be used
  • Purpose limitation: the requirement to specify at the outset the purpose of the processing and safeguards to prevent the use of the data for other purposes without consent
  • Data minimisation: to ensure the data is adequate, relevant and limited to what is necessary for the processing
  • Accuracy: that the data is up to date, and kept that way
  • Storage limitation: the data should only be kept for as long as is necessary, and disposed of according to a set schedule
  • Security: this requires that data is held in conditions where ‘appropriate technical and organisational measures’ are in place
  • Accountability: this reflects the need to evidence compliance and take responsibility for processing data in line with the law

Individual rights

Separate provisions are made for the rights of the individual under the GDPR and the new Data Protection Act:

  • The right to be informed: the provision of clear privacy information at the point of collection
  • The right of access: the data subject's right to obtain a copy of any personal data held in a timely manner
  • The right to rectification: the right to have data corrected or completed
  • The right to erasure: the qualified right to have personal data permanently destroyed
  • The right to restrict processing: the qualified right to have processing of personal data limited or stopped altogether
  • The right to data portability: the right to have a copy of the data in a transferrable format
  • The right to object: the qualified right to have data processing stopped in certain circumstances
  • Rights in relation to automated decision making and profiling: rights around the use of profiiling and the right to challenge automated decision making

Resources and guidance

Following on from our risk alert at the start of 2018 further guidance was given in a specially commissioned event and webinar in London: 'Preparing for the GDPR'.  This session provided an overview of the key elements of the GDPR for an actuarial audience.  For guidance on specific matters relating to the position of data controllers or data processors where information is not available on the ICO website the ICO provide an enquiry service.

Research and further reading

As with any new legislation the GDPR and the 2018 Act will evolve as good practice, regulatory guidance and case law develop.  If you are interested in different perspectives on information privacy law you can sign up for updates from the ICO, or search for papers and articles on the GDPR and related matters.

Clubs and societies

As with the 1998 Act small clubs and societies will require to maintain compliance with the GDPR and the new Act.  Actuarial societies by their nature collect and store personal data and should take advantage of the guidance on the ICO website for small organisations.  The guidance around the 'Right to be informed' provides a template for a revised Privacy Notice, the means by which organisations communicate their approach to the collection and ongoing management of personal data as well as individuals rights in relation to it.  Societies should also be aware of the principles of the Act and the GDPR, in particular around purpose limitation, storage limitation and security.

Filter or search events

Start date
E.g., 23/11/2020
End date
E.g., 23/11/2020

Events calendar

  • Spaces available

    The webinar will discuss the challenges and opportunities schemes face in evaluating end game options, choosing a target state and understanding the impact this strategic decision could have on member outcomes long after the “end state” is reached. Adolfo, Kevin and Rhian bring over 60 years of experience in the industry and a variety of perspectives as scheme actuary, covenant adviser, trustee, de-risking adviser and insurer.

  • Spaces available

    Retail banking is going through a period of substantial change as it moves into the digital age. Banks have large amounts of data about their customers and about their risks. Open data application programming interface (APIs) and data science are enabling banks to use their data to offer innovative and sometimes personalised services. Data science is also adding value in risk areas such as fraud detection and cyber security. At the same time, the move to online banking is making it easier for firms including fintechs to enter banking without having to establish branch networks.

  • UK Town Hall 08:30-09:30

    Webinar
    4 December 2020

    Spaces available

    IFoA President Tan Suee Chieh would like to invite you to the Institute and Faculty of Actuaries’ (IFoA) virtual UK Town Hall 2020, hosted by Tan Suee Chieh with IFoA’s Immediate Past President, John Taylor, President Elect, Louise Pryor and IFoA Chief Executive, Stephen Mann.  

  • UK Town Hall 10:00-11:00

    Webinar
    4 December 2020

    Spaces available

    IFoA President Tan Suee Chieh would like to invite you to the Institute and Faculty of Actuaries’ (IFoA) virtual UK Town Hall 2020, hosted by Tan Suee Chieh with IFoA’s Immediate Past President, John Taylor, President Elect, Louise Pryor and IFoA Chief Executive, Stephen Mann.  

  • Spaces available

    Cash-flow driven investing is a game-changer for DB pension funds navigating their end-game. Suitable for sponsors who want to reduce risks on their balance sheets. And for trustees, it shifts the focus to providing greater certainty of returns, managing funding level volatility and ensuring they have enough income to pay cash-flow requirements.

  • Spaces available

    Patrick Kennedy, Partner at Gateley Legal and Founding Director of Entrust (a leading professional pensions trustee company), will be delivering an update on the latest legal developments during the course of 2020. With both a pensions legal perspective and over 25 years of trustee service, Patrick will seek to highlight how the letter of the law has continued to evolve against the backdrop of a difficult and challenging year

  • Spaces available

    The talk will provide an understanding of the priorities and relationships between deficit reduction contributions, in the context of wider scheme funding, and different types of value outflow from the employer based on the working party’s recently published report. 

  • Spaces available

    Running off the £2 trillion of UK corporate sector defined benefit liabilities in an efficient and effective fashion is the biggest challenge facing the UK pensions industry. Trustees and sponsors overseeing those schemes need to be clear on their target end-state and the associated journey plan – but too few have well articulated and robust plans.

  • Spaces available

    The actuarial skill set has much to offer the banking industry. So many of the skills that actuaries acquire during their working life translate across to the world of banking and yet banking is perceived as an alien environment to many actuaries. But is it?

  • Spaces available

    Covid-19 has required an urgent and cross-practice initiative to facilitate the extensive impact this pandemic has across all industries. IFoA members have been keen to contribute in a different way, so we developed the IFoA Covid-19 Action Taskforce [ICAT] to coordinate our effort, with a more efficient governance.

    We have over 500 volunteers and countless topics which we have amalgamated into 93 workstreams.