GDPR - 25 May 2018 logo

GDPR is here – at last! Hopefully, that means fewer spam emails for all of us, but more importantly the law has now changed around how businesses handle personal information.

There has been a huge amount of effort across Co-op on our journey to comply with GDPR, so I’d like to say a huge thank you to everyone who has helped so far.

However, this is not the end. We need to keep the ‘foot on the gas’ to make sure we keep our focus and culture around the importance of doing the right thing with personal information.

To continue building a Stronger Co-op that handles personal information in the right way, I’m delighted to announce that our new Data Protection Officer (DPO) is Vicky McGhee. Congratulations and good luck in her new role to Vicky and thanks to Jon Turner who has been Interim DPO as well as covering his own Information Security role. Vicky and her team will help us all do the right thing when handling our members’, customers’ and colleagues’ personal information.

Remember, protecting information is all about you. If your training, the posters or your team discussions have left you wanting to know more, please visit our GDPR pages on the colleague site. If you still have unanswered questions or concerns then ask your line manager, discuss them with your team, contact your Data Lead, or remember there is always the Data Protection team:

Thanks again for your help ensuring we do the right thing with personal information and ‘Happy GDPR Day’!

Andrew Lang
Chief Risk Officer

Join the conversation! 4 Comments

  1. Funny…..
    “Do you know a good GDPR consultant?”
    “great, can you give me their email address?”

    • Yes I saw that. Question is though – is that true? Are we now prevented from helping people network?

  2. Wonder when the 100’s of people who are not employees of the Co-op but can log onto Co-op systems will get training?

    • Hi ‘Empty’. I asked our GDPR team your question and you’ll be pleased to know that our contractors and temps have been included in our training. For those who work for other companies yet have access to our systems, our contracts stipulate that they need to abide by the regulation too and our security teams have carried out due diligence checks on them. Ultimately though, for colleagues working for different companies, it’s those companies’ responsibility under GDPR to make sure their colleagues are trained and compliant. Hope this helps, ^Kevin

Comments are closed.