A guide to stewards and safety representatives' responsibilities under the General Data Protection Regulations 2018.
The General Data Protection Regulations (GDPR) set out rules governing data protection and information security, including requirements to obtain consent to use people’s data and financial penalties for organisations that commit serious data breaches.
As CSP members you will be very familiar with the principles of confidentiality in relation to patients. The same principles apply to any case work or member data you use in your role as a CSP steward or safety rep.
As a rep you will inevitably come across member information of a personal and sensitive nature such as disciplinary actions, medical information and so on. Members trust the CSP to use their personal information responsibly and keep it safe and secure.
This guidance is designed to provide common sense, practical advice and information to help you do that. Please read it carefully to ensure you protect members’ information as well as you can and avoid any complaints.
What you can do:
- Keep up to date on new guidance as it is published
- Mark emails and documents as “Confidential – Union Business”
- Store material in dedicated Union folders/locations outside of employer systems if practical
- Remember that most employers will have the right to review any material on their systems, including for SARs
- Don’t put anything in writing that you would be embarrassed by
- Please refer any requests for data access to us straight away at data.protection@csp.org.uk, or contact your SNO, and do not respond directly to the request.