Data protection guidance for RCM Activists
Should you suffer a data breach in regards to your role as an activist you must report it immediately please email dataprotection@rcm.org.uk or call 0300 303 0444 and provide as much information as possible including any actions you have taken. You can be asked to complete a data breach form detailing the actions you have taken to inform all those affected by the breach.
Security
- Store paper records in locked draw or filing cabinet.
- Keep papers out of site.
- Ensure all computers and laptops are password protected.
- Regularly update software and anti-virus software.
- Password protect electronic files if sending by email and send the password in a separate email or call the recipient with it.
Emails
- Never use a shared email address for trade union work.
- Always use bcc when sending a group email and send it to yourself.
- Never forward on a email from the RCM to an all staff email list in your Trust or Health Board.
- Check the full email conversation before forwarding and remove email addresses where necessary.
Storage
- Don’t keep members list longer than required as the data.
- Only keep case files for as long as the case is running once completed you can hand the file to the member or ask your RO/NO where to store it.
- Don’t store files on a shared computer/laptop unless they are password protected.
- Delete electronic files when they are no longer needed and shred and paper ones.
We recommend that all Activists complete the GDPR training available on i-learn. You should ensure you data protection training is update with your Trust or Health Board.
How should you protect such information?
From time to time the RCM will provide you with details of the RCM members who work in the branches you represent. This may include members’ names and contact information.
In order to make sure that the RCM complies with data protection and privacy laws, it is very important that you store and use this information carefully and appropriately. This means that you must:
- only use the information for the purpose of fulfilling your duties as Branch Secretary/WPR, and for no other purpose;
- only send communications to members that relate to the RCM or to fulfilling your duties as Branch Secretary/WPR;
- let the RCM know promptly if members inform you of any updates to their personal information (e.g. new phone numbers)
- keep members’ personal information safe, secure and confidential. This means you should keep such information locked away, and should ensure that all electronic copies are not readily available to others, for example, by applying passwords to the systems on which they are held;
- not share members’ information with any other person or third party; and
- let RCM know immediately if you become aware that you have lost any members’ personal information, or your systems on which the information is stored are hacked.
