On 25 May 2018, the new General Data Protection Regulation (GDPR) will take effect. This regulation sets stricter requirements than the current Dutch Personal Data Protection Act (Wet Bescherming Persoonsgegevens, or WBP). In this article, we will explain what your pension fund is doing to comply with the GDPR and what this means for you.

ING CDC Pensioenfonds receives your personal details from ING. We need those details for the administration of the pension plan. They include your Dutch social security number (BSN), your date of birth, your gender and your salary. Why does the pension fund need these details? How does the pension fund protect your privacy? What is the difference between the old and new legislation? Let us explain.

Why the pension fund needs your personal details
We need your personal details for various reasons including the following:

1. Your details are needed for the administration of the pension plan. For example, the amount of pension you accrue depends on the level of your salary. And if you no longer work at ING or have retired, the pension fund will need your personal details to calculate the amounts of, for example, a value transfer or your monthly pension benefits.
2. If you have any questions about the pension plan or a life event that will have an impact on your pension, the Pension Desk staff uses your personal details in order to help you.
3. Details regarding your pension accrual are used in connection with legal requirements, such as drawing up the pension fund’s annual financial statements.
   
   

How does the fund protect your privacy?
The systems ING CDC Pensioenfonds uses for storing and processing your personal details are well protected. We have procedures in place to ensure that the pension fund cannot pass your details on to parties who have no involvement with your pension.

The pension fund has outsourced several activities, including the pension accounts, to outside companies. The fund has signed agreements with these companies to ensure the protection of your personal details.

What is the difference with current legislation?
The Dutch WBP already provided for strict protection of your privacy, and that will not change under the GDPR. What will change is that the pension fund will have to comply with stricter rules regarding compliance with procedures.

What does this mean for you?
The pension fund ensures your personal details are protected. You don’t need to take any action for that. Moreover, the pension fund processes only those personal details it needs for the administration of the pension plan.