Data Protection Policy
Garsington Parish Council recognises its responsibility to comply with the Data Protection Act 1998 and the General Data Protection Regulation 2018. The Act and regulation regulate the use of personal data, this does not have to be sensitive data, it can be as little as a name and address.
The Data Protection Act
The Data Protection Act 1998 sets out high standards for the handling of personal information and protecting individual’s rights for privacy. It also regulates how information can be collected, handled and used. The Data Protection Act applies to anyone holding information about people electronically or on paper.
The General Data Protection Regulation
The General Data Protection Regulation 2018 says that the information provided to people about how we process their personal data must be concise, transparent, intelligible and easily accessible, written in clear and plain language, particularly if addressed to a child, and free of charge.
As a local authority, Garsington Parish Council has a number of procedures in place to ensure it complies with the Data Protection Act 1998 and the General Data Protection Regulation 2018 when holding personal information.
Garsington Parish Council has appointed the Clerk as the designated Data Protection Officer. The Clerk will receive training for this role if required.
When dealing with personal data, Garsington Parish Council Clerk and Councillors will ensure that:
- Data is processed fairly and lawfully – this means that information should only be collected from individuals if we have been open and honest about why the information is wanted.
- Data is processed for specified purposes only
- Data is relevant to what it is needed for – data will be monitored so that too much or too little is not kept – only data needed should be held.
- Data is accurate and kept up to date – if not it should be corrected
- Data is not kept longer than it is needed
- Data is processed in accordance with the rights of individuals –individuals must be informed, upon request, of all the information held about them.
- Data is kept securely – only Councillors and the Clerk can access the data, which is stored securely and cannot be accessed by members of the public.
Collecting Data
Garsington Parish Council will be open with people when taking personal details from them eg if a person gives their email or phone number, this will only be used for the purpose it has been given and not disclosed to anyone else.
Storing and Accessing Data
Garsington Parish Council may hold information about individuals such as addresses, telephone numbers and email addresses. Non-electronic data are kept in a secure location at the Clerk’s place of residence and are not available for the public to access. All electronic data is password protected. Once data is not needed, is out of date or served its use, it will be deleted or destroyed.
The Parish Council is aware that people have the right to access any information that is held about them.
If a person requires to see any data that is held about them –
- They will be sent all the information that is being held about them
- This will include an explanation for why it has been stored
- There will be a list of who has had access to the data
- The information will be sent within 1 month
- Requests that are manifestly unfounded or excessive may be refused or a charge made
- If a request is refused a reason will be given
Where a person requests that their data is rectified or erased, this will be carried out.
Disclosure of information
If a member of the Parish Council needs access to information to carry out their duties, this is acceptable. They can only access as much information as necessary and should only be used for that specified purpose.
Confidentiality
When complaints or queries are made, they will remain confidential unless the subject gives permission otherwise. Personal data handling will also remain confidential.
If a data breach is identified, the ICO (Information Commissioner’s Office) will be informed and an investigation will be conducted.
This policy will be reviewed annually as well as the compliance and effectiveness of the policy.