Data protection policy

Legal basis for processing ordinary personal data (article 6)

We (through officers) must generally process personal data only if one or more of the following circumstances exist:

  1. Where an individual has given consent.
  2. Where necessary to perform a contract to which the individual is a party or to take steps at their request prior to entering into a contract.
  3. Where processing is necessary for us to comply with our legal obligations.
  4. Where processing is necessary for the performance of a task carried out in the public interest by us or it is in the exercise of official authority vested in us.
  5. To further our legitimate interests or those of a third party except where such interests are overridden by the privacy interests of the individual who is the subject of the information especially if they are a child.

Officers must always ensure that they have a lawful basis to process personal data on behalf of the council before they process it. No single basis is ‘better’ or more important than the others. Officers should consider and document what basis they are processing under. If an officer is unsure as to what basis they can rely upon or indeed whether they can lawfully process personal data, then the advice of the data protection officer should be sought.