DATA PROTECTION POLICY
Millom without Parish Council recognizes its responsibility to comply with the 2018 General Data Protection Regulation. The General Data Protection Regulation retains the existing legal principles of the 1998 Data Protection Act and adds some additional protections as to how personal data and sensitive personal data can be used.
THE DATA PROTECTION ACT:
The Data Protection Act 1998 set out high standards for the handling of personal information and protecting individuals’ rights for privacy. It also regulated how information can be collected, handled and used. The Data Protection Act applies to anyone holding information about people electronically or on paper.
THE GENERAL DATA PROTECTION REGULATION:
The General Data Protection Regulation 2018 says that the information provided to people about how we process their personal data must be concise, transparent, intelligible and easily accessible, written in clear and plain language, particularly if addressed to a child and free of charge.
As a local authority Millom without Parish Council has a number of procedures in place to ensure that it complies with the General Data Protection Regulation 2018 when holding personal information.
Millom without Parish Council has appointed the Clerk as the designated Data Protection Officer.
When dealing with personal data, Millom without Parish Council staff and Councillors must ensure that:
Millom without Parish Council recognises its responsibility to be open with people when taking personal details from them. This means that staff must be honest about why they want a particular piece of information. If, for example, a member of the public gives their phone number to staff or a member of Millom without Parish Council, this will only be used for the purpose it has been given and will not be disclosed to anyone else. Data may be collected via the Parish Council’s website via the ‘Contact Us’ form. The contact us webpage contains a privacy statement about how the data will be stored and used.
STORING AND ACCESSING DATA
Millom without Parish Council may hold information about individuals such as their addresses and telephone numbers. These are kept in a secure location at the Parish Clerk’s place of residence and are not available for the public to access. All data stored on a computer is password protected. Once data is not needed anymore, if it is out of date or has served its use, it will be shredded or deleted from the computer.
The Parish Council is aware that people have the right to access any information that is held about them. If a person requests to see any data that is being held about them,
DISCLOSURE OF INFORMATION
If an elected member of the council, for example a councillor needs to access information to help carry out their duties, this is acceptable. They are only able to access as much information as necessary and it should only be used for that specific purpose. If for instance someone has made a complaint about over hanging bushes in a garden, a councillor may access an address and telephone number of the person who has made the complaint so they can help with the enquiry. However, before they access any sensitive information about a person, they would need consent to do this from the Parish Clerk. Data should never be used for political reasons unless the data subjects have consented.
Millom without Parish Council staff must be aware that when complaints or queries are made, they must remain confidential unless the subject gives permission otherwise. When handling personal data, this must also remain confidential.
If a data breach is identified the ICO must be informed within 72 hours and an investigation will be conducted.
This policy will be reviewed annually, as well as an annual review of the compliance and effectiveness of the policy.