1. The legal framework

The purpose of the GDPR is to protect the privacy of individuals whose personal information is used by someone else other than for purely personal use. It applies to trade unions in relation to their members and employees, and to the recruitment of potential members and employees. Since it also applies to employers generally, it is relevant to trade union representatives in workplaces who need to be ready to challenge the misuse or potential misuse of their own or their members’ data by their employer. Branch or workplace reps may therefore be asked about data protection in connection with both the trade union’s and the employer’s policies and practice.

This chapter explains the legal framework of the GDPR: who it applies to and what information is protected; its territorial scope; and the legal obligations it imposes.