Data protection for co-operatives and mutuals
You will hold many types of personal information about a wide range of people with whom you engage. Ensuring that you and your staff understand your duties and obligations as guardians of this data is an essential part of any successful social business setting.
The Data Protection Act 1998 has been superseded by the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, which took effect in May 2018. This new regime has revolutionised data protection law and information rights, acting as a catalyst for a new culture of privacy that you must embed within your organisation through effective policies and procedures.
Data protection and information sharing
Our team’s understanding of how the new regime impacts the social business sector allows us to work closely with a variety of clients, including community organisations, co-operatives and mutuals, social enterprises, and value-driven businesses, to help them manage their data protection compliance programmes. We can guide you on data protection and how to handle and share information to ensure compliance with the new regime.
The GDPR states that you must make sure the information you hold is:
There is stronger legal protection for more sensitive information, such as:
There are additional safeguards for personal data relating to criminal convictions and offences.
Under the new regime, everyone has the right to find out what information you hold about them. These include the right to:
Data protection advice for co-operatives and mutuals
Our team of experts can help to guide you through this regulatory maze, advising you on the best approach for capturing, handling and sharing information within your organisation so you don’t fall short of your obligations. We can help you identify risks that could result in data breaches, penalties and reputational damage, and put plans in place to mitigate and manage them if they happen.
We advise co-operatives and mutuals on all areas of data protection and information law compliance, as well as providing guidance on freedom of expression, privacy, reputation and information rights generally. We can help you with the following:
Contact Clare Paterson.
Daniel Brewer from Resonance talks about his journey into investing in enterprise with a social purpose, and discusses what the landscape looks like for social businesses post Covid-19.
The Supreme Court has allowed two appeals concerning 'vicarious liability', providing helpful clarity for claims of this kind and seemingly reining in the scope of such claims.
There has been a huge rise in the use of video conferencing and online messaging services while we are at home due to the Covid-19 related lockdown.
Several myths are circulating the relaxation of data protection rules and compliance. We can help clarify these myths.
The UK Information Commissioner’s Office (ICO) has recently made some noteworthy changes to its guidance around data subject access requests (DSARs).
The Freedom of Information (extension) Bill seeks to expand the perimeters of the current legislation so that bodies working with or on behalf of public authorities will be directly caught by the Act.
A recent High Court decision could have repercussions for our clients who communicate via social media group accounts but don’t actually compose some or all of the messages the organisation posts.
In October 2018, it was reported that Heathrow Airport Ltd had been fined £120,000 by the Information Commissioner’s Office (ICO) for failing to keep personal data secure.
The GDPR and DPA 2018 have already been in force for nearly four months. Here we talk through some of the key learnings since May.
In what has been a veritable deluge of data protection-related developments, we now have in our midst, a brand-new, homegrown iteration of data protection legislation; the Data Protection Act 2018.
