From 25 May, you have new and improved rights on how your information is handled by organisations. These come in with the new GDPR (General Data Protection Regulation) which replaces the Data Protection Act. And while you have these rights as an individual, obviously we as Co-op also need to make sure that all our colleagues, customers and members can use their rights in the same way.

So, here’s a quick list of your new rights:

Your right What it means for you
Right to ask for your personal info
(Right of Access)
It will be free to get a copy of any personal information an organisation holds about you – and you’ll get the info within a month. This is known as a Subject Access Request.
Right to correct your info

(Right to Rectification)

You’ll use this to ask an organisation to correct the info they hold about you where it’s inaccurate– or they need to tell you why they think it’s correct.
Right to have your info deleted

(Right to Erasure)

This is to ask an organisation to delete information about you – they can still hold it if they have a good reason to, but otherwise they’ll need to delete it.
Right to ask for your info to be transferred to other organisations

(Right to Portability)

This should make it easier to switch suppliers – asking your current supplier to pass over the relevant info they hold about you to your new one.
Right to limit how your info is used

(Right to Restriction)

If you want an organisation to only use your information in limited ways, you can ask them to do this. For example, you could ask them to keep some information that they might otherwise delete about you eg if you’re making a claim, and they’ll need to keep it somewhere safe without it being deleted or used.
Right to stop your info being used

(Right to Object)

Here you’re asking an organisation to stop using your information for something. Again, if they have good reason to continue, they can, but otherwise they’ll need to stop. You can always say no to receiving Direct Marketing though, this choice is always in your hands.
Right to ask for a person to check a decision made by a computer

(Automated Decision Making)

This would be used if you’re objecting to something like an automatic online credit check – challenging the outcome and asking for a person to review your case.

Do you handle or hold any personal information?

Are you ready for this new regulation and would you know what to do if you receive one of these requests?

We’re working with representatives from across Co-op to make sure you have clear processes and procedures in place to help you to look after colleagues’, customers’ and members’, information.  In the meantime, if you have any questions, please don’t hesitate to get in touch with the Data Protection Team at

You can also find more information about GDPR on the intranet (we’ll be making this content available on our colleague site shortly – in the meantime, if you don’t have intranet access and want to read this, then please ask your manager – search ‘GDPR’ on the intranet to find it). Over the coming week, we’re also going to publish more stories about different parts of GDPR here.

Join the conversation! 10 Comments

  1. I like the overruling an automated decision rule, I applied to extend a loan with the bank but it was rejected as I already have a loan, the computer assumed that I was keeping both loans. Hopefully a human can be a bit cleverer

    • Hi Matt, thanks for your comment! It’s definitely a great right to have – nothing more frustrating than ‘computer says no’, especially when you’re not sure why that would be the case. We hope you enjoyed the article, and that you’ll watch out for the others we’ve got coming soon!

  2. Just to be aware, the Subject Access Requests cost £10 per request.

    • Hi Abbie, thanks for your comment, you’re absolutely right! We can currently charge £10 for Subject Access Requests, but when GDPR comes in on 25th May, they’ll be free of charge! Sorry I think our article could have made that clearer (so it’s great you’ve pointed it out), we’ve edited it now to reflect this. We hope you enjoyed the rest of the article and that you’ll come back to read the ones we’ll be publishing soon!

      • Hi, Just to clarify, is it now also “free” if customers request a copy of a security camera DVD that they or their vehicle appears?

        • Hi Al, thanks for commenting. I hope you enjoyed the article! Yes, when someone requests a copy of CCTV showing them, this is still a ‘Subject Access Request’ and will be free as of 25th May.

          It is trickier where their car is visible in the footage, but the person isn’t – this is because we can’t be certain that it was them using the car that day. It would still be free to make a request like this, but in these situations we might not be able to give out the footage. I hope that helps, but if not, please get in touch with us! Our email address is

  3. Great article, a very complex subject but a really helpful explanation.

    • Agreed, well written and informative.

      People need to be aware of their rights and their data especially when it comes to big data hording businesses.

      • Hi T, thanks for the lovely feedback! You’re absolutely right, there’s so much information about us out there in today’s world, so it’s brilliant that we’ve all got rights over our information. Thanks again for taking the time to comment, and we hope you’ll keep an eye out for the articles we’ve got coming out over the coming weeks!

    • Hi Simon, thanks for taking the time to comment, we’re so pleased you enjoyed it! As you said, GDPR can seem pretty daunting, so we’re trying to break down these topics as much as possible to help our colleague understand what their rights are and what they can do to get ready. It’s an exciting time! We hope you enjoy the other articles we’ve got in the pipeline, and thanks again for your lovely feedback!

Comments are closed.


HR, IT, Membership