Data protection policy

Our approach

This policy sets out the framework officers and members must abide by when handling personal data.

Purpose of policy

Protecting the confidentiality and integrity of personal data is something that we take extremely seriously. 

We are exposed to large fines (depending on the nature and severity of the infringement) for failure to comply with the provisions of the GDPR.

Scope of policy

Both officers and members must comply with this policy when processing personal data on the council’s behalf, however for ease of reading only officers will be referred to in the rest of the policy.

Compliance with this policy is mandatory. Related policies and procedures/guidelines are available to assist officers and in complying with GDPR and the new data protection act.

Any breach of this policy or the related policies and procedures/guidelines may result in disciplinary action or action under our code of conduct.

Personal data breaches

​The council does all it can to keep your personal data confidential, available for use and intact.  
A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data that is transmitted, stored, or otherwise processed.  

​If there should be a breach of your personal data such as its destruction, loss, alteration, etc, you can report it to us at and the Compliance and Data Protection Officer will conduct an investigation. In some circumstances, such as there being a risk of harm to you, we will report matters to the Information Commissioner’s Office. 

We will tell them what has happened, how many people are affected, what the likely consequences are and what we are doing to make things better. In certain circumstances, we will also provide this information to you.  

In the event that there is an:

  • Actual or suspected security incident involving DWP, HMRC and or/Home Office data
  • Suspected misuse of DWP, HMRC and or Home Office data (clerical and electronic)
  • Actual or suspected security incident involving LA or CSP IT Networks that could put DWP, HMRC and/or Home Office data at risk

Lichfield District Council will immediately notify the Local Authority Security and Support Team (LASST)

How the policy relates to/underpins our strategic ambitions

Once of our fundamental ambitions is to be a good council that is responsive and customer focused.

This policy facilitates a unified and GDPR compliant framework for all members and officers when managing and processing customer data.

The policy itself is publicly available and will facilitate a high level of confidence for customers whose data we collect, manage and process.