General Data Protection Regulation ( GDPR ) Policy Document

1. Awareness

The Ulster Federation of Credit Unions will make sure that decision makers and key people within each of our affiliated credit unions are aware that the law changed on the 25th May 2018 to the GDPR. To ensure the changes are understood by our volunteers and staff, we have supplied each of our affiliated credit unions with a Data Protection Booklet which has been updated for GDPR.

2. Communicating privacy information

The Ulster Federation of Credit Unions will ensure that our affiliated credit unions are aware that under the GDPR they need to explain to their members the lawful basis for processing the data, their data retention period and the fact members now have a right to complain to the ICO if they think there is a problem with the way in which their credit union is handing their data.

3. Information we hold

Information our affiliated credit unions hold about their members will not be disclosed to anyone outside the Ulster Federation of Credit Unions, other than:

  • If we are required by law to give the information.
  • Where we have a public duty to disclose information.
  • Where disclosure is required for our legitimate business interests.
  • Where disclosure is made with your consent.

4. Products and Services

The personal information our affiliated credit unions request from their members is required to enable them to effectively provide or administer a product or service for said members. The information may be held on a computer database and/or in any other way and will be treated confidentially.

5. Credit Scoring and Credit Reference Agencies

Our affiliated credit unions may use automated credit scoring methods to access a members application. Credit Scoring takes into account information provided directly by the member, any information we may hold about the member, and any other information we may obtain from other organisations.

6. Individuals’ Rights

The GDPR includes the following rights for individuals:

  • The right to be informed.
  • The right of access.
  • The right to rectification.
  • The right to erasure.
  • The right to restrict processing.
  • The right to data portability.
  • The right to object.
  • The right not to be subject to automated decision-making including profiling. Any such request will be dealt with free of charge.

7. Financial Crime Prevention

In order to prevent and detect fraud, money laundering or criminal activity and to trace those responsible our affiliated credit unions will take the following steps:

  • If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies.
  • Law enforcement agencies may access and use this information.
  • We and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:
    • Checking details on applications for credit and credit related or other facilities.
    • Recovering Debt.
    • Checking details of job applicants and employees.
  • If other criminal activity is identified, details will be passed to the relevant authorities.

8. Children

Our affiliated credit unions will not offer an online service to persons less than sixteen years of age. We recognise that GDPR has special protection for children’s personal data and our affiliated credit unions will obtain suitable consent from a parent or guardian to process their personal data lawfully. The GDPR sets the age when a child can give their own consent to this processing at sixteen years of age. The Ulster Federation of Credit Unions recognises that any privacy notice must be written in language that children will understand.

9. Data Breaches

The Ulster Federation of Credit Unions recognises that the GDPR introduces a duty on all organisations to report certain types of data breach to the ICO, and in some cases, to individuals. The Ulster Federation of Credit Unions will ensure our affiliated credit unions are aware that where there is a risk to the rights and freedoms of individuals, if, for example, it could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage, such a breach should be notified to the ICO.

10. Data Protection by design and Data Protection Impact Assessments

As a responsible trade body, we will familiarise our affiliated credit unions with guidance the ICO has produced on PIA’s as well as guidance from the Article 29 Working Party, and provide guidance for our affiliated credit unions as and when required.


The Ulster Federation of Credit Unions was formed in 1995 having previously been a member of the National Federation of Credit Unions.


Ulster Federation of Credit Unions
Credit Union House,
218 - 220 Kingsway,
Dunmurry, Belfast,
BT17 9AE

Call: 028 9030 1204 Email: