Personal data is at the heart of occupational pensions. Work histories, member details, financial information; all are essential to ensure the right benefits are paid to the right people.

It is vital that the terms of the applicable Data Protection legislation are met, along with the obligations on how controllers handle personal data.

Trustees and employers also have to grapple with the evolving cyber security picture, a technological and procedural ‘arms race’ in which they need to ensure they stay one step ahead of the threat.

Are you a trustee struggling to deal with data protection compliance? Or, would you like to know more about your obligations as an employer or a trustee?

We have the knowledge and expertise to help.


The team offers a complete range of services covering:

  • Governance: ensuring that your personal data handling is in line with the latest legal requirements and regulatory guidance.
  • Documentation: drafting data protection policies, privacy notices, breach reporting frameworks and data privacy impact assessments.
  • Data sharing: advice on data sharing arrangements, both for third party contracts and intra-group. 
  • Incident management: ‘hands-on’ advice on dealing with subject access requests, data breaches and security incidents.

Our team

We have a large team of qualified lawyers specialising exclusively in pensions law, as part of a network of other specialists across the firm with extensive experience advising on pension scheme issues in their respective areas, such as mergers and acquisitions, banking, litigation, data protection, funds and investments, and commercial contracts. 

We are top ranked by the leading legal directories, with both Scots and English law qualified team members operating on a UK-wide basis. 

We are committed to building long-term, mutually beneficial relationships with our clients. We adopt a user-friendly approach, balancing commerciality and technical expertise to ensure that our advice is not only technically excellent but also tailored to our clients’ individual needs and provided in a straightforward, easily digestible manner. 

We don’t sit on the fence and will always provide solutions-focused advice with practical recommendations on the way forward. 

Our recent experience includes:

  • co-ordinating and leading data protection compliance projects across a range of clients and scheme sizes, in the public and private sectors;
  • documenting third party data sharing arrangements for trustee and employer clients, covering contractual updates and the ‘front line’ employee procedures;
  • active involvement in data breach response teams, investigating and dealing with data breaches in line with statutory and regulatory timeframes; 
  • drafting data protection policies, privacy notices and other governance documentation;
  • preparing bespoke cyber security and crime prevention strategy in line with Pensions Regulator guidance; and
  • trustee and employer training on data protection obligations and the latest ICO guidance.
  • Shepherd & Wedderburn’s Scottish pension team is the best I have worked with. Their depth of knowledge and experience combined with their breadth of staff and resourcing is excellent. They are my ‘go-to’ pensions team.

  • Shepherd and Wedderburn is known for being "fast, responsive and proactive, with no waffle', and for possessing 'great business acumen as well as empathy with people".

  • ...both sound and pragmatic, and have a proactive and responsive approach. 

  • Technically extremely able, cohesive and highly responsive team who are strong advisers, good on both the detail and the strategic view, and lovely people to work with. 

  • They have a very good command of their subject but are also very approachable and user-friendly. They are good at making complexity palatable and working as a team.

  • Shepherd and Wedderburn’s highly experienced team is ‘excellent in all areas’.