The new General Data Protection Regulation (GDPR) legislation came into effect on 25th May 2018. It replaces the existing law on data protection (the Data Protection Act 1998) and gives individuals more rights and protection regarding how their personal data is used.
The GDPR applies to East Goscote Parish Council as a public authority.
The GDPR’s main concepts and principles are very similar to those contained in the current Data Protection Act 1998 and the Information Commissioner’s Office remains the regulator in charge of data protection and privacy issues.
The GDPR has a number of underlying principles. These include that personal data:
- Must be processed lawfully, fairly and transparently.
- Is only used for a specific processing purpose that the data subject has been made aware of and no other, without further consent.
- Should be adequate, relevant and limited i.e. only the minimum amount of data should be kept for specific processing.
- Must be accurate and where necessary kept up to date.
- Should not be stored for longer than is necessary, and that storage is safe and secure.
- Should be processed in a manner that ensures appropriate security and protection.
ICO Registration document
The Data Protection Act 1998 requires every data controller (eg organisation, sole trader) who is processing personal information to register with the ICO.
A copy of the Council’s Registration details are below:
General Privacy Notice
The transparency requirements under the GDPR require councils to provide individuals with extensive information about how their personal data is collected, stored and used. This information must be easily accessible, transparent and presented using clear and plain language. In practice, this means that councils will need to include more information in their privacy policies, as well as retaining more detailed records of their data processing activities in relation to their staff, customers and third parties.
A copy of the Council’s General Privacy Notice is below:
Data Protection/Data Breach
East Goscote Parish Council is committed to the lawful and transparent processing of data as set out in our Data Protection Policy which was adopted in May 2018.
Subject Access Requests
To legally process data under the GDPR the Council must have a ‘lawful basis’ to do so. This is included in the Council’s ICO registration (see above). Individuals have the right to know what data the Council holds on them, why the data is being processed and whether it will be given to any third party. They have the right to be given this information in a permanent form, known as a ‘subject access request’.
Under the GDPR the right of data subjects to request information about the personal data processed by councils remains largely the same.
The time limit to comply with a Subject Access Request (“SAR”) has been reduced from 40 calendar days to one calendar month. The ability to charge £10 per SAR has been removed so all SARs are free of charge from 25th May 2018.
A copy of East Goscote Parish Council’s SAR procedure is below.
- Privacy Statement for Staff and Councillors
- Data Audit
Please contact us if you have any questions about our Data Protection Policy or the personal data we hold about you or to exercise all relevant rights, queries or complaints at:
The Clerk, East Goscote Parish Council, The Village Hall, Long Furrow, East Goscote, Leics LE7 3ZL
Tel: 0116 260 2202
Data Protection: by contacting us you agree to East Goscote Parish Council collecting and processing your personal data to enable us to deal with your enquiry, booking or service request.