We store cookies on your device to make sure we give you the best experience on this website. I'm fine with this - Turn cookies off
Switch to an accessible version of this website which is easier to read. (requires cookies)

What you need to know about GDPR

April 27, 2018 1:55 PM
By Sanjay Samani and Richard Kember in Liberal Democrat Voice

work computer businessWith one month to go until the introduction of the General Data Protection Regulation (GDPR) the focus for many is rightly the local elections. The team at LDHQ is still working hard and we recognize the importance of breaking down the legislation into smaller chunks. So we have developed a short, three-step process for handling data:

Download, Use, Delete.

We have been mentioning our new mantra recently in training and comms, but it would probably help if we took some time to explain in a bit more detail.

In short, we are trying to describe the ideal journey of data through your computer or personal files. To clarify, below we are talking about Lib Dem data exported from systems on the soon to be released Approved Supplier list.


All information we use should be coming from a limited number of sources. For example: Salesforce for members, Connect for canvassing and Nationbuilder, Prater Raines or other approved platforms for online email sign-ups.

All of the above provide safe storage for data at rest, which from a data security standpoint is important.

Before downloading anything make sure that you have identified opt-outs and unsubscribes. It may sound a bit simplistic but it's hugely important to do so.


When using information, there are a few things you need to keep in mind. Firstly, where did it come from and why was it collected. Data should only be used in accordance with the reason specified when first collected. We must respect where we have only gained consent to contact a person about a named campaign.

Secondly, think about who will be seeing the raw data, and whether you absolutely need to share it. For example, a printer obviously needs to see a list of names and addresses to produce a targeted mailing. However, the supporter delivering the same mailing not so much.

Where you must share data then make sure that any file is encrypted, sent by secure transfer or one of the approved cloud storage tools.

By keeping the pool of people accessing and using a data set to a minimum, the risk of a data breach is reduced proportionally.


Throughout the GDPR project so far we have stressed the importance of encryption as a last resort in storing data. Wherever possible the ideal remains not to store data in the first place.

Where there is data you cannot avoid storing on your computer, then the hard drive must be encrypted. Overall it is easier and safer to delete a file from your computer once finished with the data. The same is true to hardcopies.

Once you have finished entering data from a canvass session (for example) the best place for the sheet is in a shredder or secure disposal bin. In no terms should paper displaying any personal data be re-used, recycled whole or put in the rubbish.

Keeping the Lib Dem data you hold to a minimum reduces the risk of it being stolen, used in error or sent to someone it shouldn't be.

From the start we've tried to make it clear that GDPR is going to mean big changes in the way the Party works. This remains the case. While there is more to being compliant with GDPR than Download, Use, Delete, it's a pretty good place to start.

As a reminder there is a whole range of materials about GDPR on the Member's Section of the Party website. Please check it out, along with the newly added Data Protection Manual which is being updated overtime ahead of 25th May 2018.

* Sanjay Samani and Richard Kember lead the GDPR Team in LDHQ.