The UK Data Protection Bill, which has become the Data Protection Act 2018, introduced GDPR into UK law and the 2018 Bill provides clarification for some of the terms that appear in the GDPR. Therefore, the UK GDPR should be read alongside the Data Protection Act 2018.
At Avon Pension Fund, the protection of your personal information is of utmost importance. We know that our members trust us to manage their information with care, consideration, and confidentiality. We want you to know that we are committed to doing just that.
That’s why it’s important to uphold that responsibility and commitment and to make sure you know when, why and how your personal information is being collected and used. We do this through our privacy notice which we regularly update and is designed to give you information about the data we hold about you, how we use it, your rights in relation to it and the safeguards that are in place to protect it.
It’s also important that you know when and why your data is being stored. You can find this information in our retention policy. This policy document sets out the measures adopted by the Fund to comply with the principles of the UK General Data Protection Regulation (GDPR) in relation to personal data that it holds.
The main legislation we rely on to govern your personal data is the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018. We know that understanding data protection legislation can be difficult, so we’ve put together a list of frequently asked questions (FAQs) and answers to help.
GDPR frequently asked questions (FAQs)
What is the UK GDPR?
What is personal data?
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Why does Avon Pension Fund hold my personal data?
LGPS funds require various pieces of personal data provided by both the individual, member and their employer in order to administer the pension scheme. This data includes, but is not limited to, names, addresses, National Insurance numbers and salary details which are required to maintain scheme records and calculate member benefits.
How will you use my personal data?
We set out how we will use your data in our privacy notice. This notice describes how we collect and use personal data in accordance with data protection legislation.
What are the UK GDPR's key principles?
The UK GDPR states that personal data must be:
- processed lawfully, fairly and in a transparent manner
- collected only for specified, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary
- accurate and kept up to date
- held only for the absolute time necessary and no longer
- processed in a manner that ensures security of the personal data.
What is the Freedom of Information Act (FOIA)
You have the right to ask to see recorded information held by public authorities. The Freedom of Information Act (FOIA) gives you the right to see information.
There is a different way to make a request if you want information that an organisation holds about you. This includes things like your health records or credit reference files. This is classed as a Subject Access Request (SAR).
A SAR is a request made by or on behalf of an individual for the information which they are entitled to ask for under Article 15 of the UK GDPR.
How do I make a Freedom of Information or a Subject Access Request?
You can submit your request using the Bath and North East Somerset website
National Fraud Initiative
The Cabinet Office runs the National Fraud Initiative (NFI), an exercise that matches electronic data within and between public and private sector bodies to prevent and detect fraud.
The Avon Pension Fund is required by law to protect the public funds it administers. We may share information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
The Cabinet Office currently requires us to participate in a data matching exercise to assist in the prevention and detection of fraud.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it indicates that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
More information can be found on the Cabinet Office website
National Insurance Database and Tell Us Once Service
The Avon Pension Fund participates in two national initiatives that involve sharing data about members – the Local Government Pension Scheme (LGPS) National Insurance database and the Tell Us Once service.
NI database
The Avon Pension Fund is participating in NI database sharing project with the other 89 LGPS pension funds in England, Wales and Scotland, in order to comply with legal requirements. These state that, if a member of the LGPS dies, it is necessary for the scheme’s administrators to know if the individual also had other periods of LGPS membership elsewhere in the country so that the right death benefits can be calculated and paid to the deceased member’s dependants.
As the LGPS is locally administered, each pension fund has its own membership records and it can be difficult to tell if an individual has other LGPS records and where these are held. To comply with the requirements set out above, a national database has been developed that will enable funds to check if their members have LGPS pensions records in other pension funds.
The database is hosted at the South Yorkshire Pensions Authority, an LGPS pension fund. The data held on the database will be processed in accordance with the Data Protection Act 2018 and other relevant legislation.
An extract of the membership information contained in the NI database will periodically be shared with the Department for Work and Pensions (DWP) so that the LGPS can join the Tell Us Once service.
Tell Us Once
Tell Us Once is a service offered in most parts of the country when an individual registers a death. When the death of an LGPS member is registered, the DWP systems will ensure that the LGPS pension fund is informed of the death, meaning that the member’s records can be processed more quickly and simply than would otherwise be the case.
For the Tell Us Once service, an extract of the database containing individuals’ NI Numbers will be securely shared with DWP every month so that they may maintain an up-to-date record of the LGPS’s membership.
As mentioned above this information sharing arrangements comply with the Data Protection Act 2018 and other relevant legislation and as this data sharing is partly being undertaken to comply with a legal requirement, it is not possible for scheme members to opt out of the data sharing.