Like most websites, our site uses cookies. By using the site, you are agreeing to our use of cookies.
The Co-operative Food
The Co-operative Travel
The Co-operative Childcare
The Co-operative Flexible Benefits
Co-op Pharmacy
Co-op Energy
Post Office
YourCoop Phone
YourCoop Broadband

Data Protection

Find out more about Data Protection and what it means for you...

Some information on this page is private. Sign in to view:

  • Contact list for your Data Protection Champions

Sign in  

 

 

Data Protection

Data Protection is about ensuring people can trust you to use their data fairly and responsibly. If you collect information about individuals for any reason you need to comply.

UK General Data Protection Regulation (UK GDPR) is the UK’s implementation of the EU GDPR and is tailored by the Data Protection Act 2018 (DPA). It controls how your personal information is used by organisations, businesses, or the government


The Information Commissioner’s Office (‘ICO’) is the supervisory authority and regulates data protection in the UK. They offer advice and guidance, promote good practice, carry out audits, consider complaints, monitor compliance, and take enforcement action where appropriate. Failure to comply with the law could lead to serious consequences for the Society. For serious breaches, the ICO can impose fines of up to 4% of an organisation global turnover – that’s approximately £35 million for the Society!

 

What is personal data?

Personal data is information which identifies a living individual such as: full name, home address, email addresses, telephone number, financial information (eg bank account details) payroll number, DOB, NI number.

The DPA differentiates between personal data and special category data which is of a more sensitive nature and must be treated with greater care than other types of personal data. Special category data includes racial or ethnic origin, religious beliefs, health information etc. Further details can be found in our Data Protection Policy.

Of course, data protection law is not just about other people’s personal data!

The Society also holds information about you, as a colleague, and it must protect and be respectful of it. The Society’s Privacy Notice for Colleagues, Workers and Contractors explains how this is done.

 

How does this relate to you?

Within the Society, every business group processes personal data. We typically deal with personal data about our colleagues, members, customers, and suppliers. This makes us all accountable for looking after this data.

 

Our Policies, Procedures and Guidance

The Society has a number of relevant policies/procedures to ensure we are compliant with the law. We also have some useful guidance documents to aid colleagues if you’re unsure what to do in certain situations, click on the links below to find out more...

Policies/Procedures

Guidance

CCTV Policy and Guidance to Managers

Short Guide for Colleagues

CCTV Privacy Notice

Colleague Guidance – Dealing with Data Breaches

Use of Access to CCTV Recordings – Policy

Data Breaches – Are you Ready

Clean Desk Policy

DBS Checks – quick guidance for colleagues

Data Protection Policy

Due Diligence Questionnaire for data processors

Data Retention & Disposal Policy

Do I need to carry out a DPIA

Information Security Policy

WFH 10 tips on GDPR

 

Data Protection Do’s and Don’ts

 

Colleagues Guidance – Individual Rights requests

 

Data Protection Impact Assessment - Process Flowchart

 

Data Protection Impact Assessment - Template

 

Data Security Incident Reporting Form

We also have a compulsory Data Protection training module which can be found on iLearn here

To find out more about Data Protection Impact Assessments (‘DPIAs’), see here

 

What to do when things go wrong

Whenever we process personal data, we must think carefully about who we share it with, how we store it, how we use it, and how we dispose of it when we no longer need it.  If we don’t do that a personal data breach may occur.

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. As such, a breach is more than just about losing personal data.

If a personal data breach occurs you need to act quickly and complete the necessary reporting form which can be found here. You should send a copy to the Data Protection team at data-protection@midcounties.coop so they can assess the severity of the incident and whether it needs reporting to the ICO. Acting promptly is vital as the Data Protection team has 72 hours from becoming aware of the breach to report to the ICO, where appropriate.

 

Need more help?

If you have any questions about our policies, or a general query about data protection, or perhaps you have read a Colleague Guidance and you still aren’t sure about what to do, you should seek additional information from your Data Protection Champion (DPC). There are two DPCs in each business group, to find your DPC and get in touch please click on the link below (please note, you must be signed in to Colleagues Connect to see the link below, if you are not signed in, please click here).

Alternatively, you can also contact the Society's Data Protection Officer (DPO) directly, either by email or post: data-protection@midcounties.coop; Secretariat Group, Co-operative House, Warwick Technology Park, Warwick, CV34 6DA.