E.U.General Data Protection Regulations 2016
Data Protection Act 2018

   
Parish Council Members and Contacts
   

On 25th May 2018 the Data Protection Act 2018 and the EU General Data Protection Regulations 2016 both come into force.  These require that all organisations, local authorities and businesses comply with the new requirements: they create accountability for anyone holding personal data and set out clearer responsibilities for organisations.  It is evident that the provisions are principally aimed at large multi-national businesses and organisations, but as so often happens, the minnows are going to be caught by the net, and therefore even the smallest Parish Council is required to ensure compliance with the new statutory provisions, particularly in relation to the processing of personal data.

We have already taken the first steps towards compliance by setting up our own website, which we control, and issuing all Councillors (as appropriate) with a corporate email address, which must only be used for Parish Council business, thereby protecting Councillors personal data.

There are 4 additional steps which must be completed by 25th May, in order to be able to demonstrate that this Council is well on the way towards full GDPR compliance, which will be a mitigating factor in the very unlikely event of a serious data breach. 

These are:-
            Create a Data Map.  This has been done and can be accessed by clicking on the link below.
            Adopt the relevant policies and documents.  Councillors resolved to adopt all the necessary
            policies at the meeting on 9th April and these can be viewed by clicking on the links below;-
            
            Records (Data) Retention Policy
            Data Protection Policy
            Data Breach Policy
            “Subject Access Request “Procedure
            Privacy Notice for Staff
            General Privacy Notice
            GDPR Security Compliance Checklist
            Appoint a Data Protection Officer.  The Parish Council has resolved to appoint Northants  
            CALC as its Data Protection Officer for 2018.
            Register with the Information Commission.  The Parish Council has been registered for
            several years.

In addition, the Parish Council will need to adopt an electronic communications policy, to ensure that all Councillors are aware of their duties and obligations under the GDPR and to ensure best practice when communicating between Councillors and the Clerk/Deputy Clerk; Councillor to Councillor; Councillor to residents, using any format; Councillors and external service providers. 

Any queries should be address to the Clerk or Deputy Clerk who will endeavour to assist.