Briefing:Data Protection Guidance for Party Officers From: Emma Hoddinott For attention of: All Party Officers Published: 10th May 2018 Last updated: 6th March 2025 Printed: 1st April 2025 Other formats: Print Data Protection Guidance for Party Officers As a Party Officer there will be instances where you are dealing with member’s personal data such as their contact details and even the fact, they are a member. It is important that you and your branch are compliant with rules around data protection and aware of the rights of individuals over their personal data. The General Data Protection Regulation or GDPR came into force 25 May 2018 and this Briefing provides officers with an overview of those regulations some of the steps you may need to take to ensure data is protected. Check your responsibilities What is GDPR? On 25 May 2018, the General Data Protection Regulation (GDPR) were implemented in the UK. The introduction of this new legislation was the biggest change to data protection in the UK since the Data Protection Act came into force in 1998. GDPR provided a new legislative framework around Data Protection and Information Governance that better reflects the modern realities of data usage by all organisations. In addition, it established a number of new rights for members of the public, allowing them to better understand and control how organisations use their data. There are also robust sanctions for data breaches and non-compliance, including the provision for fining organisations found to be in breach. You can read more information about GDPR on the Information Commissioner’s Office (ICO) website. The Co-operative Party takes its responsibilities around Data Protection seriously and its Data Protection and Information Governance policies and practices to ensure organisational compliance with GDPR. In addition, the Co-operative Party has mechanisms by which Data Subjects can exercise their information rights. A key element of the GDPR is that the Co-operative Party must have explicit consent to communicate with individuals by email and phone What do I need to do as a Party Officer? When you use data from the Co-operative Party such as membership lists, you are a processor for that data which belongs to the Co-operative Party and subject to the requirements of legislation such as GDPR. If the only Co-operative Party data you use is membership lists provided by Head Office or downloaded from our Officer Dashboard, then you will not need to ask your members for consent, as we will have already checked this before sending you the membership list. In this case you don’t need to contact members in relation to GDPR, however there are other things that we ask you to do to protect the data we hold – see our check list that explains what practical steps you need to take as a Party officer. If you have email addresses for supporters who are not members of the Co-operative Party (for example individuals who have expressed an interest in attending events) or use an email service such as MailChimp to send emails to your branch, then please contact us so that we can add this to our register and help ensure your branch or party is GDPR compliant. We must have these people’s explicit consent to hold their information. The Co-operative Party has now updated all online and paper membership, sign-up and event registration forms, and petition templates to reflect the new requirement to have explicit permission to contact individuals by email. Who can access membership lists? We provide membership lists to local branches to help you stay in touch with your members and support member activity in your area. These lists are provided to officers and must be used in keeping with our Privacy Policy and Data Protection Checklist below. Membership lists are normally only made available to branch secretaries. If you are a party council secretary you will also be able to access the lists for your branches. Membership lists can be requested by logging in to your account on the Officer Dashboard. These will normally include the name, email address, phone number, postal address and membership status of members. Data Protection Check List The Co-operative Party provides data about our members to party officers to help them carry out their role and build strong and active local branches. When using Co-operative Party data, officers are required to comply with regulations such as GDPR. The general tips in this check list are designed to help you with your role but is not exhaustive. You must ask permission before you share someone’s personal data with an outside organisation. Where possible do this by email so you have a written record. When sending emails to branch members, always make sure that the email addresses are placed in the ‘BCC’ field. If you send regular email updates to members and supporters in your area, consider sending these through a special programme such as MailChimp, as this allows individuals to unsubscribe should they no longer wish to receive it. If you are a secretary, you should consider setting up a separate email address for your role, this means that you keep Co-operative Party data separate from your personal inbox and makes it easier to pass on to future officers. Any devices that you use to access or save Co-operative Party data such as membership lists should be protected with a strong password. Membership lists should never be saved on memory sticks that don’t have a password. Paper membership lists, sign-up forms and petitions gathered locally should be sent direct to Head Office to be recorded and stored. If you keep paper records, these should be kept in a secure cabinet and shredded when no longer needed. Only keep the most recent version of membership lists. When you receive a new list, delete or shred the previous copy. Updated lists can easily be downloaded from the Officer Dashboard. Never forward membership lists to other officers, instead ask them to request a copy of the membership list direct from Head Office. Similarly, never give your password for the Officer Dashboard or your email to anyone else. When working in a public place, be careful that other people do not see personal data that they have no right to view, e.g while working on a train or in a library. Remember, the Co-operative Party is an independent co-operative and political party. This means that organisations like the Labour Party and affiliated co-operative societies are treated as third parties. As with all outside organisations, only share data with these organisations when you have explicit consent from the individual concerned. How can I get more information? Further general information about GDPR is available from the Information Commissioner’s Office (ICO). You can also find out about what data the Co-operative Party collects and how it is used in our Privacy Policy. Get in touch if you have questions about data protection and your role within the Party If you have questions about and your branch, please get in touch with the Membership Team: membership@party.coop or 020 7367 4151. ContentsData Protection Guidance for Party OfficersCheck your responsibilitiesWhat is GDPR?What do I need to do as a Party Officer?Who can access membership lists?Data Protection Check ListHow can I get more information? Action Points Check your responsibilitiesRead our Data Protection Check List to make sure you're aware of your responsibilities Check what data you haveOnly keep the most recent version of the membership list - older versions must be deleted (or shredded if it's a paper copy) Check your data is secureOnly save membership lists onto a device that is password protected and never forward to anyone else For more information Get in touch if you have questions about data protection and your role within the Party. Emma Hoddinott Resources Further information on GDPR from the ICO Co-operative Party Privacy Policy