Hello again from UNISON’s Data Protection Team
Mandatory Data Protection Training
At National Delegate Conference in June, the following rule was passed:
G4.1.7 All Branch Officers shall complete the Union’s mandatory data protection training within three months of being elected; and any subsequent annual refresher training.
If you or your Branch Officers have not completed this training within the past twelve months, you are required to do so as soon as possible.
We recognise how busy you all are supporting your members and undertaking work for the branch, so we have ensured that the training is as quick and simple to undertake as possible. The training takes approximately 20 minutes and can be accessed by clicking on the following link – UNISON e-learning
To log on, you will need your MyUNISON details. If you cannot remember your log-in details or require your password re-setting, you will need to contact UNISONdirect on 08000 857857. If you have any issues accessing the training module, please contact the Data Protection Team on dataprotection@unison.co.uk
Following a data breach, the Information Commissioner’s Office (ICO), the regulatory body for data protection in the UK, instructed UNISON to make data protection training mandatory for everyone who handles personal data. While many of you will have received data protection training from your employer, being a trade union, UNISON processes large amounts of special category data which by law requires extra protection and any training provided by your employer will not satisfy this requirement.
UNISON’s mandatory data protection training will prepare you for many of the eventualities related to data protection and processing activities unique to a trade union. It can also aid you in dealing with issues with employers. As Bbanch officers this training will ensure that you understand your important role in data protection and are able to carry out your responsibility, to help UNISON meet its obligations.
If you have any questions regarding the contents of the training or any other data protection issues, please contact the Data Protection Team on dataprotection@unison.co.uk
Organising Space
A data protection ‘knowledge base’ for branch activists is now live on the Organising Space. It holds key documents such as a breach reporting form and the branch retention schedule, as well as guidance on topics such as contacting members during ballots etc.
Branch Data Protection Handbook
A review of the Branch Data Protection Handbook is underway. We have asked for feedback from branches via the regional data protection leads on suggestions for topics to cover. However, you can contact us directly on dataprotection@unison.co.uk
Subject Access Requests (SARs)
At the end of July, we had already met 70% of 2022’s total for the administration of subject access requests. This data subject rights gives individuals the right to obtain a copy of their personal data.
A response to a SAR should be provided to the individual within a statutory deadline of one month of receipt of the request. There is a considerable amount of work involved in processing a SAR which is why when requesting data, the Data Protection Team will give the branch a deadline for when they require it by. After the data has been provided, it is reviewed and exemptions in accordance with data protection legislation applied. This is incredibly time consuming, particularly when the data subject is asking for all data. If there are any issues meeting a deadline given, please let the Data Protection Team know immediately.
Due to these strict deadlines, it is essential to identify potential SARs as quickly as possible – bear in mind that a SAR does not have to be made in writing, and a request for personal data can be made in person or by telephone. A SAR may be as simple as a request for a copy of someone’s case file or an inquiry about the contents of an email relating to that person, but must always be treated seriously.
Further information on subject access requests can be found in the Branch Data Protection Handbook and on the Organising Space.
Data Breaches
At the end of July, we had already met 96% of 2022’s total for the number of data breaches reported to the Data Protection Team.
Under data protection legislation, certain types of data breaches must be reported to the Information Commissioner’s Office (ICO) within 72-hours of discovery. This time limit begins when any individual within the organisation discovers a breach has occurred. It is therefore imperative that any suspected breach is reported to UNISON’s Data Protection Team immediately on dataprotection@unison.co.uk.
More information on data breaches can be found in the Branch Data Protection Handbook and on the Organising Space.