HomeStructure of the CouncilDates of Next MeetingsAgendasFull Council Meeting MinutesFinance and General Purposes Committee Meeting MinutesAnnual Parish Meeting MinutesGrant Aid for Local Groups - Guidelines for ApplicantsBulletin BoardContact UsFurther Information

GENERAL DATA PROTECTION REGULATION (GDPR)

& INFORMATION SECURITY POLICY

 

Smith’s Wood Parish Council recognises its responsibility to comply with the General Data Protection Regulation, which regulates the use of personal data.  This does not have to be sensitive data; it can be as little as a name and address.

 

            1.         The General Data Protection Regulation

The General Data Protection Regulation sets out the standards for all activities that cover the collection, use or other processing of personal and sensitive data. 

 

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Biometrics - CCTV, finger print, retinal scan etc.; IP Addresses - static and dynamic; Mobile device ID; Genetic data.)

 

Sensitive Data (Special Categories of Personal Data) means any information relating to the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.

 

As a local authority Smith’s Wood Parish Council has a number of procedures in place to ensure that it complies with The General Data Protection Regulation.  The Parish Council has also notified the Information Commissioner that it holds personal data about individuals.  When dealing with personal data, Smith’s Wood Parish Council staff and Councillors must ensure that:

 

  • Data is processed lawfully, fairly and in a transparent manner in relation to individuals    

  • Data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research or statistical purposes shall not be considered to be incompatible with the initial purpose      

  • Data is adequate, relevant and limited to what is necessary to the purposes for which they are processed           

  • Data is accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay       

  • Data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to the implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals  

  • Data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

     

    2.         Storing and Accessing Data

    The Parish Council recognises its responsibility to be open with people when taking personal details from them.  This means that Councillors and staff must be honest about why they want a particular piece of personal information.  If, for example, a member of the public gives their phone number to staff or a member of Smith’s Wood Parish Council, this will only be used for the purpose it has been given and will not be disclosed to anyone else without the person’s permission.

     

    The Parish Council may hold personal information about individuals such as their addresses and telephone numbers.  This is securely kept at the office of the Parish Clerk or, if the individual is a member of the Parish Council’s gym, in the gym office and is not available for public access.  All data stored on the Clerk’s of gym’s computer is password protected.  Once data fall outside the minimum retention time of Council’s document retention policy, it will be shredded or securely deleted from the computer.

     

    The Parish Council is aware that people have the right to access any personal information that is held about them and recognises that they have the following rights:

  • The right to be informed

  • The right of access

  • The right of rectification

  • The right to erase

  • The right to restrict processing

  • The right to data portability

  • The right to object

  • Rights in relation to automated decision making and profiling

     

    If a person requests to see any data that is being held about them

  • They must be sent all of the personal information that is being held about them

  • There must be explanation for why it has been stored

  • There must be a list of who has seen it

  • It must be dealt with within the prescribed time limits

    A fee to cover photocopying and postage charges will be charged to the person requesting the personal information.

     

    3.         Disclosure of Personal Information

    If an elected member of the Council needs to obtain personal information to help carry out their duties, this is acceptable.  They are only able to obtain as much personal information as necessary and it should only be used for that specific purpose.  If, for instance, someone has made a complaint about over hanging bushes in a garden, the Clerk may give a Councillor the address and telephone number of the person who has made the complaint so they can help with the enquiry.  A Councillor may only do this providing they represent the area that the subject lives in.  Data should never be used for political reasons unless the data subjects have consented.

     

    4.         Confidentiality

    Smith’s Wood Parish Council Councillors and staff must be aware that when complaints or queries are made, they must remain confidential unless the subject gives permission otherwise.  When handling personal data, this must also remain confidential.    

     

    5.         General Data Protection Regulation Restriction

    The General Data Protection Regulation imposes restrictions on the transfer of personal data outside the European Union, to third countries or international organisations.  These restrictions are in place to ensure that the level of protection of individuals afforded by the General Data Protection Regulation is not undermined.