Briefing:Data Protection Guidance for Party Officers From: Shane Brogan For attention of: All Party Officers Published: 10th May 2018 Last updated: 27th April 2021 Printed: 7th October 2024 Other formats: Print The General Data Protection Regulation or GDPR came into force on 25 May 2018 and helps strengthen the rights of individuals over their personal data. Like all organisations, the Co-operative Party has developed existing data protection practices to ensure compliance with the new regulations. These apply to all units of the Party including branches, party councils and regional parties. This Briefing provides officers with an overview and some of the steps you may need to take to ensure you and your branch are compliant. What is GDPR? The General Data Protection Regulation (GDPR) aims to produce a new legislative framework around Data Protection and Information Governance that better reflects the modern realities of data usage by all organisations. In addition, it establishes a number of new rights for members of the public, allowing them to better understand and control how organisations use their data. The GDPR will also introduce a number of robust sanctions for data breaches and non-compliance, including the provision for fining organisations found to be in breach. You can read more information about GDPR on the Information Commissioner’s Office (ICO) website. Read more about GDPR from the Information Commissioner’s Office (ICO) How does this affect the Co-operative Party? The Co-operative Party takes its responsibilities around Data Protection seriously and has developed its Data Protection and Information Governance policies and practices to ensure organisational compliance with GDPR. In addition, the Co-operative Party has mechanisms by which Data Subjects can exercise their information rights. A key element of the GDPR is that the Co-operative Party must have explicit consent to communicate with individuals by email and phone. We communicate in this way to keep supporters updated about Co-operative Party campaigns, events and opportunities to get involved. What do I need to do as a Party Officer? The work of the Co-operative Party is only possible thanks to the hard work of our voluntary officers across the UK. We know that data protection can sometimes seem daunting and so the Party will do our best to ensure you have all the tools needed to comply with GDPR. When you use data from the Co-operative Party such as membership lists, you are a processor for that data which belongs to the Co-operative Party and subject to the requirements of legislation such as GDPR. If the only Co-operative Party data you use is membership lists provided by Head Office or downloaded from our Officer Dashboard, then you will not need to ask your members for consent, as we will have already checked this before sending you the membership list. In this case you don’t need to contact members in relation to GDPR, however there are other things that we ask you to do to protect the data we hold – see our check list that explains what practical steps you need to take as a Party officer. If you have email addresses for supporters who are not members of the Co-operative Party (for example individuals who have expressed an interest in attending events) or use an email service such as MailChimp to send emails to your branch, then please contact us so that we can add this to our register and help ensure your branch or party is GDPR compliant. The Co-operative Party has now updated all online and paper membership, sign-up and event registration forms, and petition templates to reflect the new requirement to have explicit permission to contact individuals by email. If you are using old templates, please destroy those and request copies of the new versions from the Membership Team. Who can access membership lists? We provide membership lists to local branches to help you stay in touch with your members and support member activity in your area. These lists are provided to officers and must be used in keeping with our Privacy Policy and Data Protection Checklist below. Membership lists are normally only made available to branch secretaries. If you are a party council secretary you will also be able to access the lists for your branches. Membership lists can be requested by contacting the Membership Team or by logging in to your account on the Officer Dashboard (click here to register). These will normally include the name, email address, phone number, postal address and membership status of members. Data Protection Check List The Co-operative Party provides data about our members to party officers to help them carry out their role and build strong and active local branches. When using Co-operative Party data, officers are required to comply with regulations such as GDPR. The general tips in this check list are designed to help you with your role but is not exhaustive. Ask permission before you share someone’s personal data with an outside organisation. Where possible do this by email so you have a written record. When sending emails to branch members, always make sure that the email addresses are placed in the ‘BCC’ field. If you send regular email updates to members and supporters in your area, consider sending these through a special programme such as MailChimp, as this allows individuals to unsubscribe should they no longer wish to receive it. If you are a secretary, you should consider setting up a separate email address for your role, this means that you keep Co-operative Party data separate from your personal inbox and makes it easier to pass on to future officers. Any devices that you use to access or save Co-operative Party data such as membership lists should be protected with a strong password. Membership lists should never be saved on memory sticks that don’t have a password. Paper membership lists, sign-up forms and petitions gathered locally should be sent direct to Head Office to be recorded and stored. If you keep paper records, these should be kept in a secure cabinet and shredded when no longer needed. Only keep the most recent version of membership lists. When you receive a new list, delete or shred the previous copy. Updated lists can easily be requested from the Membership Team or downloaded from the Officer Dashboard. Never forward membership lists to other officers, instead ask them to request a copy of the membership list direct from Head Office. Similarly, never give your password for the Officer Dashboard or your email to anyone else. When working in a public place, be careful that other people do not see personal data that they have no right to view, e.g while working on a train or in a library. Remember, the Co-operative Party is an independent co-operative and political party. This means that organisations like the Labour Party and affiliated co-operative societies are treated as third parties. As with all outside organisations, only share data with these organisations when you have explicit consent from the individual concerned. How can I get more information? If you have questions about data protection and your branch, please get in touch with the Membership Team: membership@party.coop or 020 7367 4151. Further general information about GDPR is available from the Information Commissioner’s Office (ICO). You can also find out about what data the Co-operative Party collects and how it is used in our Privacy Policy. Action Points Check you're responsibilitiesRead our Data Protection Check List to make sure you're aware of your responsibilities Check what data you haveOnly keep the most recent version of the membership list - older versions must be deleted (or shredded if it's a paper copy) Check your data is secureOnly save membership lists onto a device that is password protected and never forward to anyone else For more information Get in touch if you have questions about data protection and your role within the Party. Shane Brogan Membership Manager Resources Further information on GDPR from the ICO Co-operative Party Privacy Policy