The Pensions Regulator (TPR) has begun carrying out employer spot checks to make sure employers are complying with their automatic enrolment duties and that they are giving their staff the workplace pensions they’re entitled to. According to the TPR these inspections help them to understand any challenges employers are facing, and whether TPR need to make any changes to their guidance. This also enables them to identify employers who fail to meet their duties, and take enforcement action where necessary.

TPR have confirmed that they will continue with their checks over the coming months generally sending a statutory notice to the employers they have selected ahead of their visits.

Get the process right

TPR are concerned that some employers are not following the correct procedures and during the course of their inspections have seen a number of instances of employers agreeing to opt staff out of a workplace pension before they have been enrolled. This is not in accordance with the auto enrolment rules.

According to TPR:

‘Some employers claimed they were unaware as to the formality of their duties or process they needed to follow, and had simply been trying to do their staff a favour by offering them the option of opting out up front. But whether their motivation was genuine, or whether they were simply trying to get out of paying their staff the pension contributions they were due, the result was the same – they were in breach of their legal duties. Eligible staff need to be enrolled first, and can then opt out. One of the cornerstones of automatic enrolment is capitalising on inertia, and it has proved very successful so far in helping people who might never have saved for retirement before.’

Please contact us for advice on auto enrolment.

Internet link: TPR Quarterly bulletin

Under pensions auto enrolment employers have to enrol qualifying employees into a workplace pension. Duties include paying contributions for the employee. The process of auto enrolment has been phased in from October 2012 when the largest employers had to comply with the rules. However the rules are set to change and new employers will have to comply with their automatic enrolment legal duties, as soon as they employ their first member of staff.

TPR guidance to advisers states:

‘If your client becomes an employer for the first time on or after 1 October 2017, they will immediately have legal duties for their new member of staff. These duties apply from the first day the first member of staff started working for your client. This is known as their duties start date.

Your client must comply with their duties straight away.’

In contrast to the above rule an employer who first pays an employee from 2 April 2017 onwards will have a staging date of January or February 2018 depending on when the first employee was paid.

Employers are generally able to postpone some of their auto enrolment duties for up to three months but this needs to be dealt with correctly.

Please contact us for help with auto enrolment.

Internet links: TPR guidance new employer from 1 October TPR new employer to 30 September

The government is to introduce new data protection rules under the General Data Protection Regulation (GDPR) which takes effect from 25 May 2018.

Under the GDPR businesses will have increased obligations to safeguard the personal information of individuals which is stored by the business. These rules apply to the information of customers, suppliers or employees. Generally for those who are currently caught by the Data Protection Act it is likely that you will have to comply with the GDPR.

GDPR will apply to data ‘controllers’ and ‘processors.’ Processing is about the more technical end of operations, like storing, retrieving and erasing data, whilst controlling data involves its manipulation in terms of interpretation, or decision making based on the data. The data processor processes personal data on behalf of a data controller. Obligations for processors are a new requirement under the GDPR.

The GDPR applies to personal data which is wider than under the Data Protection Act (DPA).

One key change to the current DPA rules is that those affected will have to show how they have complied with the rules. Proof of staff training and reviewing HR policies are examples of compliance.

Under GDPR, higher standards are set for consent. Consent means offering people genuine choice and control over how their data is used.

Overall, the aims of GDPR are to create a minimal data security risk environment, and to protect personal data to rigorous standards. For most organisations, this will entail time and energy getting up to speed with compliance procedures. Reviewing consent mechanisms already in place is likely to be a key priority. In practice, this means things like ensuring active opt-in, rather than offering pre-ticked opt-in boxes, which become invalid under the new rules.

Organisations will also have to think about existing DPA consents. The ICO’s advice is that:

‘You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.’

Where the current consents do not meet the new GDPR then action will be needed.

The fines for non compliance are severe at up to 20 million euros or 4% of total worldwide annual turnover (if higher).

The Information Commissioner’s Office (ICO) has published some very useful information and a 12 step planning guide to help organisations get ready ahead of the May 2018 deadline.

Internet links: ICO getting ready GDPR 12 steps.pdf