THE PROFESSIONAL UNION and the GDPR

A professional union is a professional or categorical organization of a private nature whose aim is to ensure the defense of the material and moral interests of its members.

This type of organization can bring together employees (employee union) or members of the employers (employer organization).

Trade unions bring together people practicing the same profession, similar or related trades. Their exclusive purpose is the study and defense of the rights, as well as the material and moral, collective and individual interests of workers. They have the capacity to take legal action to ensure the defense of these interests.

Unions negotiate collective agreements and branch, company or establishment agreements with employers' associations.

As with any organization processing personal data, professional unions may process different categories of personal data of their members, employees, contacts, etc.

Personal data may include:

• Identifying information such as name, surname, date of birth, address, telephone number, email address, etc.
• Financial information such as bank details, donation and payment information, etc.
• Connection data such as IP addresses, login IDs, passwords, etc.
• Sensitive data such as health status, political or religious opinions, of course union membership, etc., which may be collected if they are necessary for membership of the association or for specific activities.

Professional unions must comply with the rules for the protection of personal data set out in the General Data Protection Regulation (GDPR) and the Data Protection Act.

Importance of GDPR for professional unions

Professional unions regularly process personal data of their members, employees, partners, and other stakeholders. This data may include personally identifiable information such as names, addresses, telephone numbers, and email addresses, as well as sensitive data such as union membership, health information, or political opinions. The GDPR aims to ensure that this data is processed securely and transparently, thereby protecting the privacy of the individuals concerned.

GDPR principles applicable to professional unions

Legality, loyalty and transparency: Trade unions must process personal data lawfully, fairly, and transparently. This includes clearly informing individuals about how their data is used and obtaining their explicit consent for the processing of their data.

Limitation of purposes: Personal data must be collected for specific, explicit and legitimate purposes, and must not be further processed in a manner incompatible with those purposes.

Data minimization: Professional unions must ensure that they only collect and process personal data that is strictly necessary to achieve the purposes for which it was collected.

Exactness: Personal data must be accurate and, where necessary, kept up to date. Professional associations must take all reasonable steps to ensure that inaccurate data is rectified or deleted.

Conservation limitation: Personal data should only be kept for as long as necessary to achieve the purposes for which it was collected.

Integrity and confidentiality: Professional unions must ensure the security of personal data by implementing appropriate technical and organizational measures to protect data against unauthorized access, modification, disclosure or destruction.