Parish Council General Data Protection Regulations

General Data Protection Regulations

Data Protection

An essential activity within the council is the requirement to gather and process information about the staff and people who use our services. This will be done in accordance with the General Data Protection Regulations (GDPR), the Data Protection Act 1998 (The Act) and other related government legislation.

GDPR
The General Data Protection Regulation (GDPR) is an EU regulation that establishes a new framework for handling and protecting the personal data of EU citizens. ( This will still apply after Brexit)
It introduces new obligations and liabilities for all organisations – including parish councils, that handle personal data and new rights for individuals in respect of their personal data. All organisations must comply with the new rules by 25 May 2018.
For Bishopton Parish Council itself, as a corporate body, it is the formal Data Controller and as such must meet its obligations.

Information held by Bishopton Parish Council
A data audit of all personal data has been carried out.
This includes:-
1.    What is held
2.    Where it came from
3.    Who it is shared with
4.    The legal basis for holding it
5.    Whether consent is necessary
6.    How it is protected

In addition, Bishopton Parish Council is aware of the ICO’s code of practice and the risk to information privacy.

In particular Bishopton Parish Council looks to minimise this riisk by looking to ensure personal information is
•    Accurate and up to date
•    Relevant
•    Not kept too long
•    Not disclosed to those who the person it relates to does not wish to have
•    Not used in ways that are unacceptable to or unexpectaedly by the person it is about
•    Kept securely

Individual Rights
Bishopton Parish Council has reviewed and amended all of its policies and procedures in order that they cover all the rights which individuals have including:-
•    Information and Data Protection Policy 2018
•    Social Media Policy
•    Removable Media Policy
•    Document Retention and Disposal Policy

Communicating Privacy Information
Bishopton Parish Council has reviewed all of their Privacy Notices and Privacy Impact Information including:-
•    Privacy Impact Assessment Information
•    Privacy Notice as below

Subject Access Requests / Consents / Data Breaches
Bishopton Parish Council has updated its procedures in respect of handling requests and providing information.
•    Subject Access Form
•    Data Breach Form
•    Consent Form

Children
Bishopton Parish Council does not hold any information / data on any child.

Data Protection Officer
Bishopton Parish Council is aware that the need to appoint a Data Protection Officer and is now not necessary following the Act of Parliament passed on 24th May 2018