The General Data Protection Regulation (GDPR) and a new UK Data Protection Act is now in place bringing new requirements on how we handle personal data.
The Information Commissioner has a helpful guide on the General Data Protection Regulation (GDPR) key requirements.
We have prepared a guide on Data Subjects Rights.
Download a copy of the full Data Subjects Rights leaflet. If you wish to view a specific section please select from the following.
What are we doing to prepare?
You can read the council's Data Protection Statement of Compliance.
Staff training is being rolled out across the council.
Detailed privacy notices will be issued for each time we gather your data, to inform you of how we will handle your data and your rights. This privacy notice will give you a general overview of how the council will handle your data.
We are amending our contract clauses to meet the GDPR standards and will expect all contractors to demonstrate that they meet the requirements for data handling.
Data sharing agreements
Review all data sharing agreements and ensure that all data sharing is covered by a contract or data sharing agreement.
Privacy impact assessments
A privacy impact assessment is a risk based review of data processing and focuses on the wider implications of privacy and freedoms. We will carry our Privacy Impact Assessment on all new or changed data processing.
We have a large suite of Information Governance policies and all will be reviewed in before May 2018.
Retention and disposal schedules
The council’s Retention and Disposal Schedules set out the legislation, guidance and best practice regarding record retention and disposal.