Today’s Data Protection Day, and it’s quite a big milestone for me. As well as being a time to reflect on our progress since the General Data Protection Regulation (GDPR) came in last year, it’s also the same day as my 21 year Co-op anniversary.
Since I started at Co-op I’ve had various data related roles – data governance, data quality and information security, and for the last 11 years I’ve been in data protection at Co-op Risk.
I’ve been in my role of Data Protection Officer since June and I’m absolutely loving it. It’s challenging, because it’s a role which is brand new to the industry (introduced as part of GDPR) so it still needs shaping, but it’s something I can really get my teeth into. I’ve just finished building my team, we’re small but we have a great mix of experience – some of us have previously worked for the Information Commissioner’s Office, local councils or the NHS, and we also have home-grown Co-op talent too. I’d like to say a big thank you to them all for working really hard to adjust to their new roles and hit the ground running.
We’re obviously really passionate about making sure the personal information of our customers, members and colleagues is treated with care and respect. Not just because we legally have to, but because it’s the Co-op way – we want to be responsible, ethical and caring.
My team is responsible for: supporting colleagues who collect personal information to be really clear about what it will be used for, helping them respond to requests from individuals asking for copies of their information, or asking for their information to be erased or changed, making sure that any data breaches and complaints are investigated and managed effectively, and doing a ‘Data Protection Impact Assessment’ for any high-risk initiatives.
People often ask why I love Data Protection so much. Even now there’s always something new to learn and every day is different. It’s hard to have a to-do list as you never get to the end of it. Some of it is so reactive – if you have a data breach everything else goes out the window and it’s all hands on deck for as long as it takes. There have also been a lot of exciting changes at Co-op, and developments like our new membership offering, new products and businesses all have potential data implications. I love to see where we can add value, and the earlier teams engage with us, the more we’re able to help them do the right thing in a way benefits us commercially, and meets the needs of our audience.
Colleagues across the Co-op did a huge amount last year to get ready for GDPR, really working together to spot the things we needed to do better and fixing them. There was a lot to do in a very short space of time, and I want to take this opportunity to thank everyone involved. This gave us really great foundations to build on, but we can’t take our foot off the gas – there’s still a lot to do. Key focus areas for this coming year will include ongoing communications and training, and making sure that all our key policies and processes are in place and tested to make sure they’re effective.
If I was to give colleagues any advice this Data Protection Day it would be this:
- Take a moment to refresh your knowledge of data protection and the tips and hints we shared last year about your rights, being fair, handling information with care and securing information
- If you’re planning any changes that involve personal information – or even if you’re not completely sure if it does – come and talk to us early or speak to your Data Lead as we can advise you
- Whether in work or at home – if something doesn’t feel right, or you feel that people are asking for too much information – question whether they really need it
Happy Data Protection Day,
Data Protection Officer