This is a statement of the Data Protection and General Data Protection Regulation Policy adopted by Minster-on-Sea Parish Council.
Minster-on-Sea Parish Council (the Council) needs to collect and use certain types of personal data about staff, Council Tax payers, residents and others with whom it deals. In addition, it may occasionally be required by law to collect, process, and pass on certain types of personal data to comply with the requirements of the law or requests from other public bodies. This personal data will be dealt with properly in accordance with the law however it is collected, recorded and processed – whether on paper, by computer, or otherwise. The Council will comply with the General Data Protection Regulation (2016) (GDPR) and the Data Protection Act 2018 (DPO).
The Council regard the lawful and correct treatment of personal data as vital to maintaining the confidence of those with whom it deals. The Council will treat personal data lawfully and correctly.
To this end, the Council will comply with the Data Protection Principles as set out in the General Data Protection Regulation (2016) (GDPR) and Data Protection Act 2018 (the “Act”). These principles require that personal data:
- shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions set out in Section 2 to the Act are met;
- shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes;
- shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed;
- shall be accurate and, where necessary, kept up to date;
- shall not be kept for longer than is necessary for that purpose or those purposes;
- shall be processed in accordance with the rights of data subjects under the Act;
- shall not be transferred to a country or territory outside of the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
Therefore, Minster-on-Sea Parish Council will, through appropriate management and strict application of criteria and controls:
- observe fully conditions regarding the fair collection and use of personal data;
- meet its legal obligations to specify the purposes for which personal data is used;
- collect and process appropriate personal data, only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements;
- ensure the quality of personal data used;
- apply strict checks to determine the length of time personal data is held;
- ensure that the rights of people about whom personal data is held can be fully exercised under the Act. [These include: the right to be informed that processing is being undertaken; the right of access to one’s personal data; the right to prevent processing in certain circumstances; the right to correct, rectify, block or erase personal data which is regarded as wrong information);
- take appropriate technical and organisational security measures to safeguard personal data; ensure that personal data is not transferred abroad without suitable safeguards.
In addition, Minster-on-Sea Parish Council will ensure that:
- there is an Independent Data Protection Officer with specific responsibility for the management of the organisation’s data protection;
- all employees and Councillors managing and handling personal data understand that they are responsible for following good data protection practice;
- everyone managing and handling personal data is appropriately trained to do so;
- everyone managing and handling personal data is appropriately supervised;
- anybody wanting to make enquiries about handling personal data knows what to do;
- queries about handling personal data are promptly and courteously dealt with;
- methods of handling personal data are clearly described;
- a regular review and audit is made of the way personal data is managed;
- methods of handling personal data are regularly assessed and evaluated.