- Background and relevance
- The Data Protection Act 2018 came into force 25th May 2018. This Act replaces the Data Protection Act 1998.
- The Act applies to ‘personal data’ that is data relating to a living person who can be identified from that data.
- ‘Processing data’ means any operation performed on that personal data such as collection, recording, use.
- The Parish Council does have data that relates to living individuals and does process data.
- Information Audit
The type of information the Council holds tends to be limited to name, address, telephone number and email address.
More detailed information is held for employees.
In the normal course of business the Parish Council will receive personal data in connection with the following council activities:
- Contact details for local groups and charities
- Administration of employment matters
- Correspondence sent to the Council
- Volunteer lists for specific activities
The Council is sent a copy of the electoral roll with updates through the year. The Data Protection issues associated with the electoral roll are the responsibility of Staffordshire County Council. The Parish Council does not permit any third party to view the document.
The Council does not have any services directly relating to children. It is aware that should that circumstance change, the relevant Data Protection issues will need to be taken into consideration.
- Sensitive data
The Act requires ‘sensitive data’ to be treated differently. Categories of sensitive data include racial or ethnic origins, political opinions, religious beliefs, and health issues.
The Parish Council does not collect such data.
If the Council were to carry out a Parish survey / consultations all responses would be anonymous and questions would not generally be asked on a topic that is classified as sensitive.
- Storage of data
The Parish Council’s Security Policy sets out how information should be stored securely.
All council paper documents and computer equipment is stored in the parish office or clerk’s office, which are secure.
All computer records are stored on a password protected laptop / computer with anti-virus software. The Parish Council does not utilise cloud storage.
- How the data is used
Data is only used for the purpose it has been supplied and only for matters relating to the Parish Council business.
Data is not passed onto a third party without the express consent of the data subject. The Council does not routinely share or sell data.
Data is retained in accordance with the Parish Council’s Retention Policy. The Council needs to keep accurate and timely records for the appropriate period of time, making sure that obsolete records are securely disposed of in an appropriate manner.
- Subject access requests
A request for a copy of information held can be made to the Parish Clerk. The Parish Council will respond to requests within one month. The information will be provided in a format paper or electronic format. Proof of identification will be required.
A request for the information held to be deleted can be made to the Parish Clerk. The Parish Council will respond to requests within one month. The information will be provided in a paper or electronic format. Proof of identification will be required.
- Data Controller
The Parish Clerk fulfils the role of Data Controller.
You have the right to make a complaint about how your information is held and processed. Complaints can be made to the Parish Clerk or the Information Commissioners Office (https://ico.org.uk/make-a-complaint/)
More detailed information is available at www.ico.org.uk.
|Adopted||20 May 2021|