With the General Data Protection Regulation (GDPR) coming into force on 25 May, co-ops across different sectors will have to examine how they comply with the new legislation.
Agreed two years ago, the EU’s data protection framework will be adopted in the UK as well, irrespective of Brexit.
David Alcock of Anthony Collins Solicitors says the new regulation is not as big of a change as it might seem, and compliance should be seen as a journey, rather than a race. Mr Alcock was speaking at the annual conference of the UK’s Confederation of Co-operative Housing (CCH) on 12 May.
The UK already has data protection law through its Data Protection Act of 1998.
“If you are already looking after people’s data you are not starting from scratch, just building on that,” he said, advising co-op members to check the Guide to data protection published by the Information Commissioner’s Office.
Co-operatives UK has worked with Anthony Collins Solicitors to produce GDPR practical guide for co-ops, which was published in March 2018. The Confederation of Co-operative Housing has also provided general guidance on data protection for its members.
Mr Alcock explained that when organisations, including co-ops, process data about a person, they are expected to behave in a certain way. For housing co-ops, the law can have different implications not only when collecting information from members for the first time, but also in terms of storing information about current tenants.
Co-ops will need to inform people they are keeping information about them, obtain their consent to do so, be transparent about how they use the information, collect information for specific purposes only and ensure this information is accurate and up to date.
Under the new law organisations must also ensure they do not keep people’s personal data for longer than necessary. Data subjects also have the right to ask organisations to reveal for free what information they hold about them within one month of them making the request.
“You need to make sure the information you are keeping is safe and you have appropriate measures in place to help you do that,” he added. In case of data breaches, co-ops need to inform those whose data has been breached, as well as the Information Commissioner’s Office. Furthermore, tenants have the right to object to data processing.
“If you use tenants’ information for marketing purposes and they say they don’t want to send it anymore that’s a right and you have to comply with that,” said Mr Alcock.
Former tenants can also ask housing co-ops to delete the information they hold about them and ask that third party organisations working with the co-op do the same.
“You need do be clear with your tenants and members about who does what within the co-op and what information they will get as part of that.
“Ask yourselves – where is the information stored, who has access to it, and what are we using it for?”, added Mr Alcock.
