We take data seriously: that is why we obtained accreditation under ISO/IEC 27001:2013, the international standard for establishing, implementing, maintaining and continually improving an information security management system. It is also why we aim to be GDPR-compliant well before the May 2018 deadline.
Our website privacy notice explains how we use your personal information.
ISO 27001:2013
Hymans Robertson’s Information Security Management System is certified to ISO 27001:2013 (Certificate Identity Number: 14125886).
We provide actuarial services to both private-sector pension schemes and local government pension funds. If you are a member of one of the schemes or funds that we advise, you can read about how your personal information is used.
Click here for private-sector pension schemes
Click here for local government pension funds
We’ve been preparing for GDPR since May 2016. Our GDPR programme is well underway and has been gathering pace over recent months. We’re well placed to demonstrate compliance with GDPR from May 2018. You can read our latest update to find out more on our progress.
We've also prepared some short Sixty Second Summaries on specific GDPR issues. You can read more about these below.
One of the significant changes in UK data protection law arising from GDPR is the need for greater transparency when processing personal data. Privacy notices will be an important tool in meeting the requirements. You can find out more about the privacy requirements in our sixty second summary.
For data protection purposes, actuarial firms and individual scheme actuaries (as specialist service providers) may be considered to be ‘joint controllers’ of personal data, together with the pension schemes’ trustees. The actuarial firm, scheme actuary and the trustees need to agree their respective responsibilities. You can find out more on the joint controller issue in our sixty second summary. Click here for private-sector schemes or here for local government pension funds.
For Administering Authorities of local government pension funds, we’ve made available our view of the arrangement between us as joint controllers, where this is applicable. Click here for more details.
The European Union’s General Data Protection Regulation will (despite Brexit) replace the UK’s existing data protection legislation when it becomes applicable on 25 May 2018. Its requirements are more onerous than current rules in many areas, including higher fines for serious breaches. As data controllers, the trustees or managers of occupational pension schemes need to begin their preparations now. Find out more in our sixty second summary.
We sometimes use sub-processors to carry out data processing activities to assist us in providing our services to our clients. Click here for more details.