Data protection policy

Introduction, purpose, scope and strategic ambitions

We are committed to complying with both the General Data Protection Regulation (GDPR) 2016/679 and the Data Protection Act 2018. This policy sets out the framework officers and members must abide by when handling personal data.

As a council we recognise that the correct and lawful treatment of people’s personal data will maintain their confidence in us and will provide for successful business operations.

Purpose of policy

Protecting the confidentiality and integrity of personal data is something that we take extremely seriously. 

We are exposed to large fines (depending on the nature and severity of the infringement) for failure to comply with the provisions of the GDPR.

Scope of policy

Both officers and members must comply with this policy when processing personal data on the council’s behalf, however for ease of reading only officers will be referred to in the rest of the policy.

Compliance with this policy is mandatory. Related policies and procedures/guidelines are available to assist officers and in complying with GDPR and the new data protection act.

Any breach of this policy or the related policies and procedures/guidelines may result in disciplinary action or action under our code of conduct.

How the policy relates to/underpins our strategic ambitions

Once of our fundamental ambitions is to be a good council that is responsive and customer focused.

This policy facilitates a unified and GDPR compliant framework for all members and officers when managing and processing customer data.

The policy itself is publicly available and will facilitate a high level of confidence for customers whose data we collect, manage and process.