Andrew Lang

My first year in Risk has been fantastic and that’s mostly because of the people I’ve worked with. I’ve had the pleasure of working with so many different teams across the Co-op and would like to say a big thank you to all of them for helping me as I’ve adjusted to my new role.

Moving from Finance to Risk was a challenge but it’s one I’ve really enjoyed. Like Finance, Risk touches most areas of the Co-op in one way or another, so having a wide network of colleagues that I’ve worked with before has come in handy.

Because of my background I already had experience of financial risks, but it’s been great to learn about the other risks the Co-op is exposed to and plan how we can tackle those risks.

The central teams overseeing Data Protection, Health & Safety, Business Continuity and Security & Investigations are also part of Co-op Risk so we’ve got a really diverse team who work with experts across the business to help build a Stronger Co-op in all those fields.

Information Security is really important to us, as we hold lots of data on all our colleagues and members, so the Data Protection team works closely with Jon Turner’s team in IT to keep our systems as safe and secure as we can.

We got off to a great start with GDPR

My first day as Chief Risk Officer in March, was when we held a GDPR event in Angel Square, so I was thrown in at the deep end. What the GDPR programme delivered and the brilliant way colleagues in all areas reacted is one of my highlights of the year.

It was a real example of succeeding together that we should all be proud of. Colleagues queried hundreds of processes that weren’t GDPR compliant – some big, some small – and they’ve fixed nearly all of them now which is great news.

While I’m delighted with our progress, I’d ask everyone to stay vigilant and where necessary find new ways to protect the personal data we hold. GDPR needs to stay front of mind, and it can’t just be a one-off response.

A couple of weeks ago, Marriott hotels revealed there had been a data breach and it could now face the first big GDPR fine, so that’s a warning to us all. This type of fine could be huge – potentially multi-millions, as well as potentially reducing future revenues and losing people’s trust, which is really hard to regain. We can’t be too careful in this area.

We’ve got more to do in 2019

This year we’ve developed a new Risk framework and rolled out Risk training to our support centres and businesses, so we have a solid foundation to work from. Going into 2019 our plan is to build on that success and continue to embed a culture of thinking about risk in everything we do.

The team is also helping to improve Health & Safety standards across the Co-op to keep our colleagues, members and customers as safe as possible when they’re with us. That includes protecting colleagues from retail crime and a number of the team are helping drive the Safer Colleagues, Safer Communities programme with the Retail team.

It really matters that we do what we can to change the perception of retail crime – it’s not just a cost to the business, it’s a crime against our colleagues so I’m hopeful we can make real progress in this area in 2019.

But first some family time

We’ve got a busy few weeks yet but I’m really looking forward to Christmas now as it’s one of my favourite times of the year – a few days off, Christmas film with my immediate family and then hosting about 18 Langs at ours for Christmas Day!

My important role is to look after the drinks – Les Pionniers Champagne and Co-op Chateauneuf du Pape of course. It’s also my turn to be Secret Santa this year too (my brothers and I take it in turns) which is great fun, and then a few board games and a bit of family competition.

Of course, a lot of our colleagues will be working very hard over Christmas and New Year, so I always think of them at this time of year – they deserve a huge thank you for being there for our members and communities.

Have a relaxing, fun-filled Christmas, and thanks again for helping me enjoy the challenges of 2018.

Andrew Lang
Chief Risk Officer

Join the conversation! 1 Comment

  1. More on that data breach :

    Although the Marriott group’s headquarters are in the US, it has to comply with the EU’s GDPR rules when dealing with citizens in the EU.

    As always with a big data breach, be aware that scammers may send out emails claiming to be from the Marriott group.

    The hotel chain says it will not send any notification emails with attachments, and will not request any information from its customers by email.

Comments are closed.


Great place to work, People stories, Stronger Co-op, Stronger Communities