The workplace pensions sector should be given exemptions from tough new data protection rules to enable providers and trustees to continue to run engagement programmes designed to improve retirement outcomes says Scottish Widows.
Widows argues that the new General Data Protection Regulation (GDPR), which takes effect from 25 May 2018, will severely restrict providers from being able to deliver bulk emails to scheme members, reducing their opportunity to engage with them.
The provider argues that the Department for Work and Pensions and the recommendations of the Financial Advice Market Review have both called for providers to do more to engage people with their workplace pensions, but says the hefty fines for breach of GDPR – which can rise to up to 4 per cent of an organisation’s global turnover – could lead to most providers shying away from engagement programmes that could be perceived as breaking the rules.
GDPR erases all permissions to hold and use data that have been obtained under the Data Protection Act 2003, and requires new permissions to be sought from individuals.
New contracts between anyone holding member data – including scheme administrators, employers, pension consultants, actuaries, auditors and providers – where data is not exchanged in anonymised form.
Under the new rules requests for consent must be separate from other terms and conditions, pre-ticked opt-in boxes are not allowed, and any third parties potentially using the information must be specifically named. Different consents are required for different media – such as mobile phone and email, and individuals must be able to withdraw consent easily.
Scottish Widows head of policy, pension and investments Peter Glancy says: “GDPR means we can’t do a lot of the things that you might want to be able to do to bring people to better outcomes.
“The permissions that we have captured under the old contract, under the Data Protection Act 2003, will cease to be valid from next May. So in future we will not be able to speak to old customers we are currently allowed to speak to.
“The Department of Health and the Home Office have both got derogations where the rules will not apply, for example in relation to criminal convictions and health issues. We think the Treasury, Department for Work and Pensions and FCA need to push for the same sorts of derogations for advice and pensions.
“If the Treasury and DWP want to get people to increase their pension savings, and get the best out of the products that they have already got, they need to sort something out. The derogations would have to be very specific. For example you would not be able to cross sell life insurance to pension customers, but you should be able to talk about whether people are on track to target the retirement that they want, or are in the right products, or are planning their retirement journey. Increasing contributions should be allowed – although that said, under current rules we cannot write to people in a bulk mail and suggest they increase their contributions.
“The maximum fine is in the hundreds of thousands of pounds under the current rules. From next May it will be 4 per cent of global turnover, which is such a massive potential find that nobody is going to go anywhere near crossing the line and taking a chance with this.”
F&TRC director Ian McKenna says: “We were due a paper from the FCA on this but it is yet to appear, and time is pressing on. GDPR will drive a need for the industry across the board to provide far more relevant personalised information to consumers that is so engaging that they want to give consent. You can say the vale of your pension is X’, but I will leave whether you can say ‘and you are 60 per cent towards your target retirement figure’ to the lawyers.
“But I don’t see why policymakers would give the life insurers an exemption on this. They need to make their communications engaging enough that people do give consent.”