What are we doing about the GDPR?
Trust is at the heart of each transaction between GMB, its members, partners and suppliers. It is important to us, and crucial to the success of our organisation, that GMB is trusted to securely hold and process the data that you, our employees, members, partners and suppliers give us.
The General Data Protection Regulation (GDPR), which comes into force on 25 May 2018 will assist us in achieving these requirements and we, like many companies, are making a host of technical, organisational, contractual and process-led changes to ensure that we meet the requirements of the new regulation.
What are GMB doing to prepare for the GDPR?
As part of our GDPR’ Readiness Programme’, we have commissioned an independent, external assessment of our organisation. This has identified some issues and provided a set of recommendations, which we are now in the process of implementing.
- Further investment in our security infrastructure;
- Reviewing and updating our processes, policies and documentation;
Assessing our suppliers and third parties to ensure that they can process our data in accordance with GDPR;
- The specific GDPR functionality to provide information to our members about the personal data that we require to process.
- Implementing relevant updates from the Information Commissioners Office (ICO) and other sources.
Data Protection Working Party
Further to the above we have formed an internal working party made up of some of the organisations most senior staff. This group has taken guidance and support from the staff teams within regions and utilised this expertise to ensure a plan is in place to support the work of the union throughout our structures.
Below are some of the steps being undertaken in partnership with the independent assessment to ensure the highest levels of scrutiny and attention are applied to the process of becoming compliant and protecting all our data.
- Staff Guidance
- Branch Guidance
- Exploring new ways to deliver technology to branches
- Policy development
- Seeking and implementing necessary legal guidance
Governance, Policies and Processes
In the run up to 25th May 2018, we are raising awareness of the GDPR throughout our organisation. All our staff will be going through GDPR training sessions, tailored to the work of the union. This will include overviews of our new data protection policy and oversight of our privacy notices.
From 25 May 2018 our Data Protection Officer will be formally taking on the new GDPR accountabilities.
What are we doing to help our suppliers/partners prepare for GDPR?
As part of your own preparations for the GDPR, you will be looking to us to not only provide assurance of our readiness in general terms, but to, where required, work with you to ensure we have the appropriate data protection terms in our contracts. To that end, we expect that you will require us to review our technical measures, organisational measures, policies and procedures (which we are doing as per above) but also to potentially enter into new contracts with your organisations where required. Where this is the case you may contact our national Data Protection Officer (DPO) (firstname.lastname@example.org) to outline your requirements/requests. From here our DPO will liaise with the necessary departments to ensure the necessary arrangements are in place.
 The UK version is currently going through Parliament