Data security is becoming a more frequent topic of conversation as we all get ready for important changes with the introduction of the General Data Protection Regulation (GDPR) in 2018.
PCS is working with staff and contractors to fully comply with the new legislation, and taking the opportunity to think imaginatively about how we use data for organising and communicating with members.
GDPR, which was approved by the EU Parliament in 2016, comes into force on 25 May.
The changes include headline-grabbing aspects like much larger fines for breaches of data protection, but we will work within the new law to ensure we’re able to organise and recruit members.
PCS is looking at different ways – using IT and an updated membership database, as well as apps for reps – that will allow us to more efficiently ‘map’ the workplace and identify where we have union members and non-members, in ways that ensure compliance with the GDPR.
The principles of existing data protection law continue under the new law. The most important changes relate to clearer roles and responsibilities within and between organisations.
PCS is a Data Controller, registered with the Information Commissioner's Office (ICO), that holds data about its members in order to carry out its functions, provide information and services, and comply with statutory obligations.
The core principles of GDPR must be understood by all those processing personal data. They stipulate that data will be:
- Processed lawfully and in a transparent manner
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary
- Accurate, relevant and, where necessary, kept up to date
- Retained only for as long as necessary
- Processed in an appropriate manner to maintain security.
Membership department staff and others are processors, as are all local reps who access and use information from our membership database. To increase our organising capability we will, in any case, be making improvements to the portal to allow members to view and update more of their personal data directly.
PCS Data Protection Officer Martin John said: “Our aim is to guarantee continued compliance with the regulations and we are confident that lay representatives, as well as our staff, will continue to process personal data securely.”
Branches will be familiar with our basic requirements for handling and disposing of data securely as they tend to reflect the security standards operated by the employers we deal with. Follow the link below for more details.
When handling organising data such as membership reports we want organisers, where possible, to get used to viewing data via the portal and not keeping paper lists. Where lists are necessary they should be stored in a lockable drawer or cabinet and destroyed securely after use. The encryption facility must always be used where such material is sent via e-mail.
“As a union we’re well used to coping with new legislation and other major policy changes. At the end of the day, there’s nothing in GDPR that stops us getting out there and talking to members and non-members, which ultimately makes the biggest difference to our strength in the workplace,” added Martin.