The balancing act we need to get right with Information Security is making sure that the right information is available at the right time to the right people, while also making sure that it’s protected from accidental (or malicious) changes or loss.
Our Information Security policies and standards* are all designed to keep you on the right side of the law when it comes to GDPR (the General Data Protection Regulation which comes into force from 25 May). All colleagues have signed up to follow these when they use our systems and information.
Things to do now
- If you’re not familiar with our policies and standards, then spend some time refreshing yourself.
On our information security intranet pages* you’ll find policies that apply to all colleagues, and then some particular ones for those with specific responsibilities in their role.
- Make sure you ‘classify’ your documents correctly.
In our Information Classification and Handling Policy* you’ll find what should be classified as Highly Confidential, Confidential, Internal and Public – and how to deal with, retain, and dispose of these different types.
- Complete your GDPR training.
Different business areas have different timescales and approaches to being trained. If you’re not sure of when and how you need to get trained (every colleague does), then speak with your line manager.
If things go wrong, don’t keep quiet
Call the Information Incident Hotline on 0844 262 9990 if you think any information has been sent to the wrong person or place, or if someone has accessed information they shouldn’t have. This includes reporting if your Co-op mobile, tablet or laptop is lost or stolen, or if any personal device you use for work purposes has gone missing or been compromised in any way. The sooner you report it, the quicker we can minimise any impact.
GDPR covers a lot of things, and we’ve recently published stories about: your information, your rights; being fair; and handling data with care. We also have information on our GDPR intranet pages* and will continue to update information here too.
*If you don’t have direct access to the intranet, then please ask your manager. Pages referred to here can be found by searching for ‘information security policies’ or ‘GDPR’ from the homepage.