Documents

The General Data Protection Regulation (GDPR) – An Overview for Councillors and Employees

Policies Uploaded on February 5, 2021

EAST FARLEIGH PARISH COUNCIL
THE GENERAL DATA PROTECTION REGULATION (GDPR) – AN OVERVIEW FOR COUNCILLORS AND
EMPLOYEES
GDPR took effect in the UK from 25th May 2018. It replaces the Data Protection Act 1988 and gives individuals more rights and protection regarding how their personal data is used by Councils. Parish Councils and meetings must comply with its requirements, just like any other organisation.
One of the main changes to note, is that the GDPR places a much greater emphasis on transparency, openness and the documents we need to keep in place in order to show that we are complying with the legislation. This is incorporated within the idea of “accountability”.
The GDPR will impose new burdens on Councils and parish meetings, including new reporting requirements and increased fines and penalties. The UK Government has made it clear that after Brexit, the UK will adopt a similar standard for data protection as set out in the GDPR.
The GDPR has a number of underlying principles. These include that personal data:
1. Must be processed lawfully, fairly and transparently.
2. Is only used for a specific processing purpose that the data subject has been made aware of and no other, without further consent.
3. Should be adequate, relevant and limited i.e. only the minimum amount of data should be kept for specific processing.
4. Must be accurate and where necessary, kept up to date.
5. Should not be stored for longer than is necessary, and that storage is safe and secure.
6. Should be processed in a manner that ensures appropriate security and protection.
It is important to remember, that all Councillors and members of staff must comply with the GDPR and you should read the various polices published by the Council. Should you feel that you require further training in respect of the GDPR, please contact the Data Protection Officer (Clerk).
The Information Commissioners Office (ICO) will remain as the regulator in charge of data protection and privacy issues. Further information can be found via their website:
https://ico.org.uk/