All you need to know about how to deal with personal information

The GDPR (the General Data Protection Regulation) and the Data Protection Act 2018 are all about personal information and the rules around how companies and organisations collect it, store it, keep it accurate, use it, share it, dispose of it and allow individuals access to it. In a nutshell, it’s about handling personal data in a way that’s clear, trustworthy and responsible.

If we get it wrong, the regulator can impose fines of up to 4% of worldwide turnover – that’s nearly £400m for Co-op! But worse than that, it could cause harm or upset to our customers, colleagues and Members, as well as damaging our reputation

Data Protection applies to everybody's personal information.

It applies to data in any form: Personal information means:
Electronic (eg, emails, databases, contact lists, CCTV footage) Obvious things (eg, names, addresses, date of birth, bank details)
Physical (eg, paper reports, forms, Less obvious things (eg, online identities, photographs, location data)
Sensitive things (eg, health data, religion, sexual orientation, political ideals)

Below are some key things to think about and some posters which you can print if you need to:

Key policies

These are only currently available on the Sharepoint:

Data Protection Policy - This policy tells you about your responsibilities in dealing with personal information, what laws apply to this, and what other policies or controls you might need to refer to.

Cardholder Data Security Policy – If you’re handling credit or debit card information as part of your role, this explains your responsibilities around keeping this type of information safe.

Data Classification and Handling Policy - This policy tells you about your responsibilities for keeping customer, member, and fellow colleagues’ personal information safe and how to do this.

Data Lifecycle Management Policy - This policy tells you about your responsibilities for making sure personal information is collected in the right way and held for the right amount of time.

Supplier Security Policy - When suppliers handle Co-op information, it is important to ensure that they provide adequate security.

If you need further support

If you have queries that the above information doesn’t help with, you can speak to the Data Protection Lead for your area (you can find these by searching on Sharepoint). If they can’t help – or if you have any feedback on this content or suggestions for what other information you’d like to see here – then please contact us: