Data Protection Policy

Policies Uploaded on May 19, 2023

STONE RURAL PARISH COUNCIL

DATA PROTECTION POLICY

Adopted 11 May 2023

The Data Protection Act 2018 controls how organisations, businesses or the government use personal information. The Parish Council receives certain personal information in performing its duties and is responsible for using personal data according to the ‘data protection principles’.

THE DATA PROTECTION PRINCIPLES

  1. Data must be obtained fairly and lawfully

This means that information should be ‘fairly processed’, i.e. when information is collected, the Parish Council should be honest and open about why the information is wanted.

  2. Data must be held only for specific and lawful purposes and not processed in any manner incompatible with those purposes

This means that the Parish Council must have a legitimate reason for processing the data. It will explain (in most cases in writing) that the request is from the Parish Council, what the Parish Council intends to use the information for, and to whom the Parish Council intends to give the personal data.

  3. Data must be relevant, adequate and not excessive for those purposes

The Parish Council will monitor the quantities of data held and ensure that it holds neither too much nor too little. The Parish Council will only hold the data that is actually needed.

  4. Data must be accurate and where necessary kept up to date.

All personal data should be accurate. If it is not, it will be corrected.

  5. Data must not be kept for longer than necessary

Only in exceptional circumstances should data be kept indefinitely. The Parish Council has a system of removal of different categories of data from its records after certain periods, for instance, when the information is no longer required for audit purposes.

  6. Data should be processed in accordance with the rights of data subjects under this Act

This means that individuals must be informed, upon request, of all the information held about them. They can prevent the processing of data for direct marketing purposes and are entitled to compensation if they have been caused damage by any contravention of the Act.

  7. Security precautions must be in place to prevent the loss, destruction or unauthorised disclosure of the data

The Parish Council will ensure that there is adequate security for the data, taking into account the nature of the data and the harm to the data subject which could arise from disclosure or loss of the data. A system of passwords should be in use to ensure that only staff who are authorised can gain access to personal data.

  8. Not to transfer data outside the United Kingdom unless you are satisfied that the country in question can provide an adequate level of security for that data.

The Parish Council is very unlikely to have a need to transfer data overseas.

The Act defines eight categories of sensitive personal data (the racial or ethnic origin, political opinions, religious beliefs or other beliefs, trade union membership, physical or mental health or condition, sexual life, commission or alleged commission of an offence, proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings). The Parish Council does not hold such information and is unlikely to request such information.

Subject access requests

All subject access requests will be dealt with promptly and in any case within 28 days from the date of receipt. If further information is required from the subject to complete the request, the 28 days will begin when this further information is received.

In response to a subject access request, individuals are entitled to a copy of the information held about them, both on computer and as part of a relevant filing system. They also have the right to receive a description of why their information is processed, anyone it may be disclosed to, and any information available to the Parish Council about the source of the data.

Where requests are manifestly unfounded or excessive, in particular because they are repetitive, the Parish Council may consider whether to:

  • charge a reasonable fee taking into account the administrative costs of providing the information (the month starts after you’ve received the fee); or
  • refuse to respond.

The Clerk, acting as Data Controller, will maintain a record of any decisions on manifestly unfounded or excessive requests.

Useful contacts:

Information Commissioner

Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF

Telephone: 01625 545 700 Facsimile: 01625 524510

Website: www.dataprotection.gov.uk