Data protection guidance for RCM Activists

Should you suffer a data breach in regards to your role as an activist you must report it immediately please email [email protected] or call 0300 303 0444 and provide as much information as possible including any actions you have taken. You can be asked to complete a data breach form detailing the actions you have taken to inform all those affected by the breach.


  • Store paper records in locked draw or filing cabinet.
  • Keep papers out of site.
  • Ensure all computers and laptops are password protected.
  • Regularly update software and anti-virus software.
  • Password protect electronic files if sending by email and send the password in a separate email or call the recipient with it.


  • Never use a shared email address for trade union work.
  • Always use bcc when sending a group email and send it to yourself.
  • Never forward on a email from the RCM to an all staff email list in your Trust or Health Board.
  • Check the full email conversation before forwarding and remove email addresses where necessary.
  • Calendar invites can't be bcc'd it is good practice to  copy the invite details into an email and blind copy to all recipients.


  • Don’t keep a list of members longer than required as specified in the original data request.
  • Only keep case files for as long as the case is running once completed you can hand the file to the member or ask your national or regional officer where to store it.
  • Don’t store files on a shared computer/laptop unless they are password protected.
  • Delete electronic files when they are no longer needed, shred and paper ones.

We recommend that all Activists complete the GDPR training available on i-learn. You should ensure you data protection training is update with your Trust or Health Board.

Protecting branch members’ data

Consent to join Activists WhatsApp group

TUC - using WhatsApp in union organising and communications

How should you protect such information?

From time to time the RCM will provide you with details of the RCM members who work in the branch  represent. This may include members’ names and contact information.

In order to make sure that the RCM complies with data protection and privacy laws, it is very important that you store and use this information carefully and appropriately. This means that you must:

  • Only use the information for the purpose of fulfilling your duties as a RCM Activist, and for no other purpose;
  • Only send communications to members that relate to the RCM or to fulfil your duties as a RCM Activist;
  • Tell members to RCM Connect of any updates to their personal information or to make the changes themselves on the RCM portal.
  • Keep members’ personal information safe, secure and confidential. 
  • Do not share members’ information with any other person or third party; and
  • Let RCM know immediately if you become aware that you have lost any members’ personal information, or your systems on which the information is stored are hacked.