GDPR - 2018
An essential activity within the council is the requirement to gather and process information about the staff and people who use our services. This will be done in accordance with the General Data Protection Regulations (GDPR), the Data Protection Act 1998 (The Act) and other related government legislation.
The General Data Protection Regulation (GDPR) is an EU regulation that establishes a new framework for handling and protecting the personal data of EU citizens. (This will still apply after Brexit)
It introduces new obligations and liabilities for all organisations - including parish councils, that handle personal data and new rights for individuals in respect of their personal data. All organisations must comply with the new rules by 25 May 2018.
For Edmondsley Parish Council itself, as a corporate body, it is the formal Data Controller and as such must meet its obligations.
Information held by Edmondsley Parish Council
A data audit of all personal data has been carried out.
- What is held
- Where it came from
- Who it is shared with
- The legal basis for holding it
- Whether consent is necessary
- How it is protected
In addition, Edmondsley Parish Council is aware of the ICO's code of practice and the risk to information privacy.
In particular Edmondsley Parish Council looks to minimise this risk by looking to ensure personal information is
- Accurate and up to date
- Not kept too long
- Not disclosed to those who the person it relates to does not wish to have
- Not used in ways that are unacceptable to or unexpectaedly by the person it is about
- Kept securely
Edmondsley Parish Council has reviewed and amended all of its policies and procedures in order that they cover all the rights which individuals have (see below)
Edmondsley Parish Council does not hold any information / data on any child.