Part 1 - Design Flashcards
What must Trustees and administrators ensure that admin systems provide?
- Reliability
- Flexibility
- Security
List the basic system requirements for a DB Scheme
- Production of letters and emails
- Production of benefit statements
- Data extracts for actuarial valuations and scheme accounts
- Data extracts for HMRC returns and reports
- Operation of a payroll facility and production of P60s for pensioners
- Monitoring of work within the administration function (workflow)
- Electronic scanning and storage of documents
- Electronic transfer or submission of data between parties
- Accuracy - ability to produce a warning message for members with special circumstances
How often does tPR suggest data quality should be reviewed?
On an annual basis
What are the two types of pension data?
- Common data
- Scheme-specific data
How long should pension schemes hold member data?
- A minimum of six years after the member is no longer entitled to any benefit under the scheme
List the Common data items for all schemes:
- NI Number
- Surname
- Forename/Initial
- Sex
- Date of birth
- Date started pensionable service/policy/contributions
- Expected retirement date/Target retirement date
- Membership status
- Last status event
- Address
- Postcode
What three things should a computerised system provide?
- Reliability
- Flexibility
- Security
Basic system requirements for DC schemes
- Member details
- Contributions and Units
- Switching & Lifestyling
- Charges
- Calculations
- Reporting
What acts govern data protection?
The European Union General Data Protection Regulation (EU GDPR), enacted in the UK through the Data Protection Act 2018 (DPA 18)
When did the European Union General Data Protection Regulation (EU GDPR) come into effect?
25 May 2018
What does DPA make provision for?
- The regulation of the processing of personal data relating to individuals, which includes:
  - obtaining
  - holding
  - use or disclosure
What is personal data?
- Any information relating to an identified or identifiable natural person
How may the identification of an individual for personal data be done?
- Directly: e.g. a name
- Indirectly: e.g. a number that can be used to look up a name
What identifiers may an individual be identified by?
- IP address
- Name
- Address
- NINO
- Email address
What does "special categories of personal data" replace?
- Sensitive personal data
What can "special categories of personal data" include?
- Health data
- Sexual orientation
What are the six Data Protection principles?
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and security
What is the definition of a data "controller"?
- Data controllers determine the purpose and means of processing data
- The controller is responsible for demonstrating compliance with the data protection principles
What is the definition of a data processor?
- Data processors process the data on behalf of the data controllers
What is the right that members have to access their data known as?
Subject Access Request
What is the period to supply data from a Subject Access Request?
- One month
- Supplied at no cost
What may a trustee do if subject access requests from a member are unfounded or excessive?
- Charge a reasonable fee taking into account the administrative charges
- Refuse to act on the request
Who may be fined for not complying with DPA18?
- BOTH the data controller and data processor
What is the maximum penalty for non-compliance with DPA18?
Higher of:
- £17.5m or
- 4% of worldwide annual turnover
What Bill have the government announced that will restructure the ICO (Information Commissioner's Office)?
- Digital Information and Smart Data Bill