General Data Protection Regulations 2018
What is the GDPR?
The General Data Protection Regulation (GDPR) is a Europe-wide law that replaces the Data Protection Act 1998 in the UK. It includes the Data Protection Act 2018 (DPA 2018). The GDPR sets out requirements for how organisations like Parish Councils need to handle personal data. The Regulations came into force on 25 May 2018.
Under the GDPR, the Parish Council is both a Data Controller and a Data Processor. As a Data Controller, we must provide Privacy Notices explaining to individuals how their data will be used and what rights they have.
The Parish Council has also adopted several policy statements with regard to the collection, storage and use of personal data.
Data Protection Officer
Section 7(3) of the DPA 2018 says that Parish Councils are not public authorities for the purposes of the GDPR. As we are not a public authority for the purposes of the GDPR then we do not need to appoint a Data Protection Officer (DPO). We are still subject to data protection legislation however and we must ensure that we have sufficient staff and resources to discharge our obligations under the GDPR.
Parish Council is currently supported for GDPR and to act as the Council's DPO as required through Northants County Association of Local Councils (NCALC) via an annual subscription.
The Data Protection Officer and NCALC can be contacted as follows:-
6 Litchborough Business Park
Litchborough, Northants., NN12 8JB
Information Commissioner's Office (ICO)
Security under the GDPR
The GDPR requires personal data to be processed in a manner that ensures its security. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
The Parish Council has completed an assessment of personal data held. The assessment details what data, how and why it is collected and how the data is protected. To complement this log of personal data, we have also completed a GDPR risk assessment to identify how any risk to the security of personal data is managed. These documents are regularly reviewed.