We use essential cookies to make our site work. We'd also like to set analytics cookies that help us make improvements by measuring how you use the site. These will be set only if you accept.

For more detailed information about the cookies we use, see our cookies page.

Essential Cookies

Essential cookies enable core functionality such as security, network management, and accessibility. For example, the selections you make here about which cookies to accept are stored in a cookie.

You may disable these by changing your browser settings, but this may affect how the website functions.

Analytics Cookies

We'd like to set Google Analytics cookies to help us improve our website by collecting and reporting information on how you use it. The cookies collect information in a way that does not directly identify you.

Third Party Cookies

Third party cookies are ones planted by other websites while using this site. This may occur (for example) where a Twitter or Facebook feed is embedded with a page. Selecting to turn these off will hide such content.

Skip to main content

Data Protection & Privacy

What is the GDPR?

The General Data Protection Regulation (GDPR) is a Europe-wide law that replaces the Data Protection Act 1998 in the UK. It includes the Data Protection Act 2018   (DPA 2018). The GDPR sets out requirements for how organisations like Parish Councils need to handle personal data. The Regulations came into force on 25th  May 2018.

Under the GDPR, the Parish Council is both a Data Controller and a Data Processor. As a Data Controller, we must provide Privacy Notices explaining to individuals how their data will be used and what rights they have. These Privacy Notices may be viewed in the document table below. DPA 2018 s7(3) says that Parish Councils are not public authorities for the purposes of the GDPR. Therefore, EWPC does not need to appoint a Data Protection Officer (DPO). It is however still subject to data protection legislation.

Data Protection Officer/Data Controller

Section 7(3) of the DPA 2018 says that Parish Councils are not public authorities for the purposes of the GDPR. As we are not a public authority for the purposes of the GDPR then we do not need to appoint a Data Protection Officer (DPO). We are still subject to data protection legislation however and we must ensure that we have sufficient staff and resources to discharge our obligations under the GDPR.

Information Commissioner’s Office (ICO)

The Parish Council is registered as a Data Controller with the ICO.  Our reference number is ZB101764‚Äč. Our details can be seen on the public register here. The certificate of registration can be found in our Statutory Documents here.

Security under the GDPR

The GDPR requires personal data to be processed in a manner that ensures its security. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

The Parish Council has completed an assessment of personal data held. The assessment details the type of data, how and why it is collected and how the data is protected. You can view this below. 

Our general privacy notice sets out your right and how we can use your information.

Further policies which link to data protection can be found on our Statutory Documents page here.