Protecting your data

Salvus has to collect data from introducers, employers and their staff in order to administer your workplace pension. We take your data seriously and protect it and keep it secure. Up until recently, this was regulated by the Data Protection Act.

So what’s changed?

The "General Data Protection Regulation" ("GDPR") is an EU wide directive that applies from 25 May 2018. GDPR will have a significant impact on all organisations and we have worked hard to ensure we meet these high standards of data security. GDPR rules are being written into UK law and the Data Protection Bill is currently going through the parliament. Your rights of “data subjects” will be strengthened significantly under the new legislation. Individuals can request to have their data erased and given to them in a portable format. They can also refuse to be part of marketing activities and other processing activities in certain circumstances. In addition, there are clear requirements for Data Controllers to have accountability, responsibility and oversight of data privacy practices and we must be able to demonstrate compliance with the regulation. The IJK Regulators will be looking for assurance that there are strong data privacy risk and control frameworks in place. 

Overall GDPR replaces the UK's Data Protection Act.

What information does GDPR apply to?

The GDPR protects personal data, which is any information from which a data subject can be identified. The GDPR also refers to special categories of personal data.

What are the basic rules of GDPR?

1. Data must be processed lawfully, fairly and in a transparent manner

2. Data must be collected for specified, explicit and legitimate purposes

3. Data must be adequate, relevant and limited to what is necessary for the purposes for which it is collected

4. Data must be accurate and kept up to date

5. Data must be kept for no longer than is necessary

6. Data must be processed in a manner that ensures appropriate security

What is Salvus doing to ensure compliance with GDPR?

A new version of our terms and conditions was introduced some weeks ago has been to reflect the new data protection provisions covering GDPR. If you are an existing employer we sent you an update participation agreement, terms and conditions and payment schedule in March 2018. If you want to read the latest version of terms and conditions, you will find it here.

Our Privacy Notice which contains important information and can be viewed here

Where can I find further information?

For further information on GDPR please refer to the Information Commissioner’s Office at