Graphic saying: one month to go - GDPR - 25 May 2018

On 25 May, GDPR (the General Data Protection Regulation) comes into force – are you ready? Ultimately, this is about keeping our customers’, members’, suppliers’, contractors’ and colleagues’ (anyone’s!) personal information safe and using it responsibly. You wouldn’t want your personal information to be mishandled or misused by anyone, so make sure you’re not doing anything wrong with the personal information you may handle in your role.

This short animation will help you understand what this is all about:

NOTE: we know you can’t see this in stores. Please search for Co-op Colleagues on YouTube to see it anytime, or read the transcript.

Training is now rolling out for every colleague – if you’ve not had an invitation or got a session planned (training methods differ by business) please speak with your line manager. It’s important that all colleagues complete this, so get it planned in now.

Here are five key things as a quick check list of what we should be doing:

  • Rights and Requests – new and improved rights on how your personal information is handled by organisations. Make sure you know what these look like and what to do if you receive one.
  • Legitimate processing – make sure we have a good reason for using someone’s personal information and they are aware of it before we start using it.
  • Information management – only collect, keep and share personal information that is absolutely necessary.
  • Information security – keep personal information secure, look at who has access to it and make sure you classify your documents.
  • Third parties – make sure those contracts are up to date and due diligence is performed on new suppliers.

Your one place to go for GDPR information

All our information on GDPR is now available to all colleagues on any device anytime through the colleague site. From this new GDPR page, you’ll find:

  • Graphics and downloadable materials to help you understand more
  • FAQs
  • Who to contact with queries
  • Links to the various stories we’ve published about GDPR
  • Updated Data Protection policy and standards
  • External links to organisations that can tell you more

We’ve published some stories to help you understand what GDPR means for us, so please check these out if you haven’t already:

If you’ve got questions about this, first speak with your line manager or contact the Data Protection team at

Protecting information – it’s all about you.