The General Data Protection Regulation - a practical guide for trade unionists (March 2018)

Chapter 5

Security

[ch 5: page 34]

You need to have an appropriate system in place, both in terms of technology and organisation, to help ensure that personal data is not processed unlawfully (for example, by disclosing it to someone who is not authorised to receive it), lost, destroyed, or damaged.

What is appropriate depends on the type of data you hold, how sensitive it is and what damage could result in its improper use; how it is processed, and who has access to it. However, appropriate systems could include:

• storing paper records in a locked filing cabinet overnight;

• keeping papers out of view of visitors;

• locking away laptops;

• ensuring all computers and laptops are suitably password protected;

• regularly updating software and anti-virus software to prevent loss of data; and

• encrypting documents containing special categories of data such as union membership.


This information is copyright to the Labour Research Department (LRD) and may not be reproduced without the permission of the LRD.