Search site

Data Protection

Rights of Access

The West Midlands Pension Fund has a duty to protect the personal data it processes and to inform members about how their data is managed and used by the Fund.

In line with data protection legislation, an individual has a right to request information held about them. A request for information about an individual other than the subject of the information will be rejected except in the following circumstances:

  • parents may request information about a child under 16;
  • a Solicitor/Professional Advisor may request information on behalf of an individual with that individual's approval via a WMPF specific LOA

How to make a request

A request may be made by email to ,or you can request access to your information in writing - Write to us...

What is the Process?

Once a validated request is received, the Fund will have 30 calendar days in which to respond to your request. In some cases, where there is a large amount of information, the Fund may need to contact you to extend the timeframe for a response. An explanation of the reasons for the required extension will be provided and you will be given the opportunity to reduce or specify the information you are seeking. Once the Fund has collated all the information it will provide the information in the manner requested, either by email or by post.

Data Privacy Impact Assessments

Privacy Impact Assessments (PIAs) are a tool which can help organisations identify the most effective way to comply with their data protection obligations and meet individuals' expectations of privacy. An effective PIA will allow organisations to identify and fix problems at an early stage, reducing the associated costs and damage to the reputation which might otherwise occur. Privacy Impact Assessments are an integral part of taking a privacy by design approach. 

Should you wish for any further information on PIAs , please email the Fund's Data Protection Officer at

Data Protection Policies

The Fund has drafted a Data Protection Policy which sets out its compliance with the requirements under the data protection legislation.

pdf icon Data Protection Policy [1Mb]

Both the Fund and our Employers are considered Data Controllers under data protection legislation as we both have individual and separate access to information about individuals who are members of the scheme. Following GDPR and the implementation of the Data Protection Act 2018, the Fund utilises a Memorandum of Understanding which sets out the data controller role for each of our 2 bodies and seeks to provide assurance on our management of data. The LGA believe that this Memorandum of Understanding removes the need for a formal data sharing agreement as it imposes obligations on both our parts to comply with the requirements of data protection legislation.

pdf icon Employer Memorandum of Understanding [127kb]

The Fund has also produced an assurance statement in its management of data

pdf icon GDPR Assurance Statement [236kb]

Together with completing the ICO checklist for Data Controllers

pdf icon ICO Checklist for Data Controllers [209kb]

Data Protection
Data Protection

Powered by GOSS iCM