From 25 May, you have new and improved rights on how your information is handled by organisations. These come in with the new GDPR (General Data Protection Regulation) which replaces the Data Protection Act. And while you have these rights as an individual, obviously we as Co-op also need to make sure that all our colleagues, customers and members can use their rights in the same way.
So, here’s a quick list of your new rights:
|Your right||What it means for you|
|Right to ask for your personal info
(Right of Access)
|It will be free to get a copy of any personal information an organisation holds about you – and you’ll get the info within a month. This is known as a Subject Access Request.|
|Right to correct your info
(Right to Rectification)
|You’ll use this to ask an organisation to correct the info they hold about you where it’s inaccurate– or they need to tell you why they think it’s correct.|
|Right to have your info deleted
(Right to Erasure)
|This is to ask an organisation to delete information about you – they can still hold it if they have a good reason to, but otherwise they’ll need to delete it.|
|Right to ask for your info to be transferred to other organisations
(Right to Portability)
|This should make it easier to switch suppliers – asking your current supplier to pass over the relevant info they hold about you to your new one.|
|Right to limit how your info is used
(Right to Restriction)
|If you want an organisation to only use your information in limited ways, you can ask them to do this. For example, you could ask them to keep some information that they might otherwise delete about you eg if you’re making a claim, and they’ll need to keep it somewhere safe without it being deleted or used.|
|Right to stop your info being used
(Right to Object)
|Here you’re asking an organisation to stop using your information for something. Again, if they have good reason to continue, they can, but otherwise they’ll need to stop. You can always say no to receiving Direct Marketing though, this choice is always in your hands.|
|Right to ask for a person to check a decision made by a computer
(Automated Decision Making)
|This would be used if you’re objecting to something like an automatic online credit check – challenging the outcome and asking for a person to review your case.|
Do you handle or hold any personal information?
Are you ready for this new regulation and would you know what to do if you receive one of these requests?
We’re working with representatives from across Co-op to make sure you have clear processes and procedures in place to help you to look after colleagues’, customers’ and members’, information. In the meantime, if you have any questions, please don’t hesitate to get in touch with the Data Protection Team at firstname.lastname@example.org.
You can also find more information about GDPR on the intranet (we’ll be making this content available on our colleague site shortly – in the meantime, if you don’t have intranet access and want to read this, then please ask your manager – search ‘GDPR’ on the intranet to find it). Over the coming week, we’re also going to publish more stories about different parts of GDPR here.