The GDPR and the Data Protection Act 2018 brings strict requirements on how we handle personal data.
The Information Commissioner has a helpful guide on the General Data Protection Regulation (GDPR) which explains the key data protection principles, rights and obligations for organisations.
Under the GDPR, you have rights regarding the personal data the council, as the data controller, processed about you. We have prepared a guide on those rights, known as Data Subjects Rights.
You can download a copy of the full Data Subjects Rights leaflet.
How are we complying?
Statement of Compliance
You can read the council's Data Protection Statement of Compliance.
Staff training is carried out across the council to help educate them to be fully aware of their obligations under the regulation and Act.
Detailed privacy notices will be issued each time we gather your data, to inform you of how we will handle your data and your rights. This sample privacy notice will give you a general overview of how the council will handle your data.
We have amended our contract clauses to meet the GDPR standards and expect all contractors to demonstrate that they meet the requirements for data handling.
Data sharing agreements
Review all data sharing agreements and ensure that all data sharing is covered by a contract or data sharing agreement.
Data protection impact assessments
A Data Protection Impact Assessment (DPIA) is a risk based review of data processing and focuses on the wider implications of privacy and freedoms. We will carry out a DPIA on all new or changed data processing.
We have a large suite of Information Governance policies which are all regularly reviewed.
Retention and disposal schedules
The council has a responsibility to manage the information we hold about you. All personal information provided to us is kept secure and confidential at all times and is only held as long as necessary or as required by law.
View the council’s Retention and Disposal Schedules.