The Co-operative Food
The Co-operative Travel
The Co-operative Childcare
The Co-operative Funeralcare
The Co-operative Flexible Benefits
Co-op Pharmacy
Co-op Energy
Post Office
The Phone Coop

Data Protection

Find out more about the Data Protection and what it means for you. 

Some information on this page is private. Sign in to view:

  • Contact details of your Data Protection Champion
  • Contact details of the Society's Data Protection Manager

Sign in  


Data Protection

In May 2018, new EU data protection legislation was introduced for all member states (the General Data Protection Regulation, or GDPR), which became law in the UK as the Data Protection Act 2018 (formerly known as the DPA 1998). The Act specifically regulates the processing of people’s personal data, which means the way we collect, use, store and dispose of colleagues, customers, members or contractors’ personal information.

The amount of personal information the Society, and most of its businesses, process has incrementally grown over the years due to the rising number of members and colleagues the Society employs, as well as a more widespread circulation of personal data through social media and online marketing, so we need to ensure we comply with the law.

People are also more aware of their rights in relation to their personal data, and this has led to an ever-growing number of complaints escalated to the Information Commissioner's Office (the supervisory authority for data protection in the UK), which can now impose fines of up to 4% of an organisation’s annual turnover when a serious data breach is committed, either deliberately or recklessly – this means the Society could be exposed to really significant financial and reputational damage: decreased sales, increased complaints, loss of customers confidence and negative press.

The Society's Policies and Procedures

Under the new legislation, the Society has a number of obligations in relation to the way it processes people’s personal data, and it is therefore essential that colleagues are familiar, and comply with, all the relevant policies and procedures the Society has put in place to ensure compliance going forward.

The key policies can be found here, other policies and guidance papers are available on the Society’s intranet:

What about your personal data?

Of course, data protection law is not just about other people’s personal data! The Society holds information about you, as a colleague, and it must protect, and be respectful of, your personal information in the same way as any personal information relating to members or customers.

The Society has updated its Privacy Notice for colleagues, which explains what information we hold about you, how we use it and what rights you have in relation to it.

The Society has also updated its Privacy Policy aimed to inform the public about how the Society collects and processes personal data, for what purposes, for how long it retains it and how it disposes of it once it is no longer needed.

How to keep personal data secure, and what to do when things go wrong

The law says we have an obligation, as an organisation, to protect people’s personal information from “accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed which may in particular lead to physical, material or non-material damage”.

What does that mean? Well, it means that every time we process people’s personal data, which for many of us is every day, we must pay the necessary attention to avoid data breaches, and that we treat other people’s personal data with the same care we would use for our own. So, in summary...

Think > Respect > Protect

This applies to all colleagues, regardless of your job title or business location! So you must make sure you have read, and understood, the Society’s policies and guidance papers, especially the Acceptable Use of IT Facilities Policy.

...But things can go wrong, so when they do, we need to act quickly. If you think you, or a colleague, may have committed a data breach, or spotted something which doesn’t look right, you should contact your DPC immediately, and they will report the incident to the Society’s Data Protection Manager for further action. If you are unable to contact your DPC, you must contact the Society’s Data Protection Manager directly.