When we ask for personal information, we have to make sure it’s clear why we’re asking for it, and what we’re going to use it for – and then actually only use it for that reason. This is another of the areas that the new GDPR (General Data Protection Regulation – coming into force from 25 May) focuses on.
We’re updating our privacy statement about what we do with personal information to make sure it’s very clear about what information we collect, what we do with it, who we share it with and how long we’ll keep it for.
And this applies to any form of information we’re collecting, whether that’s through a website, a paper form, a telephone recording, CCTV, social media or any other way we may capture it.
Keeping it legal
Obviously we need to collect personal information – for colleagues working here and customers and members shopping with us and using our services. And there are bits of GDPR which allow us to do this where it’s needed for certain things. But when we do, we must remain legal and make sure that we’re not forcing their consent or tricking them into allowing us to use their information in an unfair way.
For example, if we were to say that you can only enter a competition if you consent to receiving weekly marketing emails, that would be wrong. The individual has to have the right to enter the competition and only have their personal information used for that purpose.
We must never use those confusing ‘untick this box if you do not want to not be contacted in the future’ type messages when we collect personal info. Instead we are being very clear about how people opt in, should they wish to, to further marketing and contact that may be useful for them (as shown on the right).
Along with the use of consent from individuals allowing us to use their information, we can also rely on other areas to process personal information. For instance we can use personal information for the performance of a contract (like your employment contract) or for legal or compliance reasons (like reporting accidents).
Do you handle or hold any personal information?
You wouldn’t want your personal information used in the wrong way, so we need to make sure that we’re being trusted with our colleagues’, customers’ and members’ information too.
When you’re collecting information from people, do you know whether you’re allowed to and are you being really clear with people about what you’re using it for?
We’re working with representatives from across Co-op to make sure you have clear processes and procedures in place to help you to look after personal information. In the meantime, if you have any questions, please don’t hesitate to get in touch with the Data Protection Team at email@example.com
You can also find more information about GDPR on the intranet by searching ‘GDPR’ (we’ll be making this content available on our colleague site shortly; in the meantime, if you don’t have intranet access and want to read this, then please ask your manager).
Over the coming weeks, we’re also going to publish more stories about different parts of GDPR here.