Data Protection and GDPR

Data Protection is a legal requirement that helps us to handle people’s personal information fairly and safely. Data protection law isn’t limited to collecting or disclosing information, but also covers recording, organising, storing, altering and transferring information.
At Network Rail we handle large amounts of personal information, and we all have a responsibility to do so in a fair, accountable and safe way. Data protection gives individuals the right to have their personal information respected and protected but there are business benefits too:

  • It can improve the quality of the information we have and strengthen our records management.
  • Help us be alert to the security of the data we are responsible for.
  • Encourage us to act in a fair and transparent way.

GDPR came into effect on 25 May 2018. The way we handle personal information has changed.

The General Data Protection Regulation (GDPR) came into effect on 25 May 2018, which will provide greater protection for individuals’ personal information. These changes will affect all of us, so being prepared for the GDPR is important.

Network Rail colleagues, Are you ready? What to do next…

The Data Protection team is asking all colleagues to:

  • Complete the e-learning module ‘Data Protection Essentials’ on Network Rail eLearning It will take 40 mins.Select it from the Corporate and Social Responsibility heading in the Course Catalogue.
  • Hold a cascade briefing with your team and to think about what personal information you may have. Which can be found in the attachment section (See briefing folder, far-right of the page.).

Personal information

Personal information (or personal data) is any information relating to someone you can or could identify. Examples of personal information include rota details, next of kin, team birthdays, HR records, username or contact details of your customers and suppliers.
Personal information includes information stored electronically, on video and audio recordings (for example CCTV), phone calls, text messages, social media, and GPS data and paper records.

Are there any top tips for handling personal information?

  • Only keep personal information for the purpose for which you have collected it
  • Keep it in a safe place and only allow people access who need it
  • Keep it up to date and when you no longer require it, dispose of it securely
  • Keep it safe from misuse, accidental loss, destruction or damage
  • Anyone can ask for the information we hold about them, so make sure you can access it easily access it
  • If you receive a request for personal information you should contact the data protection team
  • Keep a record of what systems you use, what information is put in them for what purposes, and who has responsibility for them, so it’s clear who is accountable
  • If you are dealing with our suppliers, contractors and third parties make sure they are complying with current and future legislation

We’re here to help

If you have any questions or need further support, please contact us at:

← Back