Back to Top

GDPR

Parkham Parish Council Data Protection Policy 2023/2024
Adopted 7th August 2023
Awareness
All councillors will be made aware of the Data Protection Policy, and the requirements of the GDPR.
All need to be aware of the impact of a breach. The Data Protection Policy needs to be adopted by a formal resolution at a Council meeting and reviewed annually.
Accountability
Data handling processes will be reviewed on an annual basis and the clerk will regularly check for changes in data protection laws that require changes to our processes. The Parish Council is registered with the Information Commissioner’s Office and has adopted this Data Protection Policy.
Information we hold
The Parish Council keeps personal data that is necessary for the legitimate interests of the organisation. We keep names, job titles, email addresses, phone numbers and home addresses of those who we have need to be in regular contact with.
Data comes from those who we work with, or who supply data to us in order for us to collaborate or inform. We do not share data outside the organisation without specific, explicit permission.
Data protection by design
Personal data is not left displayed on screen.
Personal data can be deleted upon request from a subject.
Personal data is not given out to other parties unless specific explicit permission has been obtained. This includes the use of blind carbon copy on any group emails outside the organisation.
Personal data shown on papers that are required to be made public (such as correspondence and meeting papers) is redacted before being made public, unless specific explicit permission has been obtained.
Any staff employed will be given data protection advice and training before being granted access to personal data.
All those within the organisation (councillors) are aware of the importance of data protection.
The clerk will regularly check the contact details that we hold and delete anything that is inaccurate or no longer relevant.
Council has no need for a Data Protection Impact Assessment as our processing is unlikely to result in a high risk to the rights and freedoms of individuals. This will be reviewed regularly.
Data Protection Officer. It is not necessary for the council to have a Data Protection Officer.
Lawful Basis for processing data
We process data because it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Consent
When consent is required to share data outside of the organisation, the subject will be contacted and consent will be clearly requested. This consent will be recorded in a document so that it can be presented for a data protection audit.
Parkham Parish Council Data Protection Policy 2023/2024
Adopted 7th August 2023
Children
Council does not hold data relating to children.
Freedom of Information Requests
These must be responded to within 20 working days. Fees as outlined in Council’s Freedom of Information Guide. It is reasonable to enquire why information is requested in order to better satisfy the request. Requests will be satisfied by the Clerk.
Communicating Privacy Information
Privacy notices will be made available on our website.
Individuals Rights
Steps will be taken to ensure that the rights of the individual will be maintained. The GDPR includes the following rights: the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right object and rights in relation to automated decision making and profiling. Requested data must be provided in a structured, commonly used and machine readable form. It must also be provided free of charge. If personal data concerns more than one individual, it must be considered whether providing the information would prejudice the rights of any other individual.
Subject Access Requests
Subject access requests must be responded to within a reasonable time frame, no longer than a month. This can be extended by a further two months if requests are complex or numerous but individuals must be informed. No fee may be charged. Requests will be satisfied by the Clerk.
Data Breaches
In the event of a significant breach of data such as a hack, or mistake regarding the sharing of personal data, any potential victim will be informed as soon as possible.
International
Council does not operate outside of the United Kingdom.
General Data Protection Regulation
Was introduced in May 2018, and will apply to all data controllers and processors. It applies to personal data, but makes it clear that information such as any online identifier (IP address) can be personal data. Applies to both automated personal data and manual filing systems.
Personal Data will need to be:
(a) processed lawfully, fairly and in a transparent manner in relation to individuals;
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that
is incompatible with those purposes; further processing for archiving purposes in the public interest,
scientific or historical research purposes or statistical purposes shall not be considered to be
incompatible with the initial purposes;
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
Parkham Parish Council Data Protection Policy 2023/2024
Adopted 7th August 2023
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals;
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.