Antrobus Parish Council Personal Data Management and Audit Policy


Data Management

The GDPR places a much greater emphasis on transparency, openness and fairness than previous legislation required. The Parish Council as Data Controller will ensure the Principles of Data Protection legislation will be followed in the management of personal data and that employees and councillors understand the requirements of the new legislation.

The Clerk (as Data Processor) will follow the underlying principles that personal data:

a) Must be processed lawfully, fairly and transparently.
b) Is only used for a specific processing purpose that the data subject has been made aware of and no other, without further consent.
c) Should be adequate, relevant and limited i.e. only the minimum amount of data should be kept for specific processing.
d) Must be accurate and where necessary kept up to date.
e) Should not be stored for longer than is necessary, and that storage is safe and secure.
f) Should be processed in a manner that ensures appropriate security and protection.

The Clerk will manage subject access requests allowing data subjects to exercise their rights under the GDPR:

- The right to access personal data we hold on you
- The right to correct and update the personal data we hold on you
- The right to have your personal data erased
- The right to object to processing of your personal data or to restrict it to certain purposes only
- The right to data portability
- The right to withdraw your consent to the processing at any time for any processing of data to which consent was obtained
- The right to lodge a complaint with the Information Commissioner's Office.

The Clerk will ensure the notification of personal data breaches and undertake data protection impact assessments where required for new projects as directed by the Council as Data Controller. A record log of processing of data will be maintained by the Clerk as Data Processor.

Data Audit

1/ SUBJECT: Email or letter queries from residents or from other third parties including a request for service, reporting issues or making complaints

Correspondence from members of the public/residents/other parties relating to parish matters which may contain personal data.
Name, address, contact details, with possible sensitive personal data, depending on the nature of the matter; residents provide
Members of the Public/Residents
Public interest; compliance with legal obligation; legitimate interest where a balancing test has been applied

1. Any email, letter or other form of query received by the PC which contains personal data will be retained for a maximum of two years or for as long as the issue remains or retention is reviewed by the Parish Council.
2. Such data may be stored on the PC laptop, held by the Clerk in a secure place.
3. The agreed privacy notice shall be provided to any person who contacts the PC.
4. In accordance with the agreed privacy notice, such data shall not be shared with any third party without the express permission of the data subject.

2/ SUBJECT: Planning Applications

Consultations and decisions published by the Planning Authority, and shared with Parish Council for it to comment on.
Name and contact information; Principal authority; residents/public
Planning applicant/agent; Other members of the public speaking in open public session at council meetings. Members of the public who make comments.
Compliance with legal obligation; Public task

1. Clerk to check all information before sharing with parish councillors, and ensure sensitive personal data is redacted wherever possible before sharing or publishing.
2. Information in agenda and minutes to include only what is necessary to identify and discuss the application or decision.
3. Any correspondence between PC and applicant to be in accordance with data protection principles, and to be deleted within two years.
4. Public domain information may be held for as long as the issue remains or according to retention reviewed by the Parish Council.

3/ SUBJECT: Resident Surveys

Inform residents and gain views of residents
Resident Names and Contact details- from residents
Residents
Consent

1. Clerk to retain in a secure place and obtain consent form. Not to be shared.
2. Delete after 2 years and anonymize other data if required.

4/ SUBJECT: Website

Information relating to the Parish is published on the website
Members of public
Consent; compliance with legal obligation; legitimate interest where a balancing test has been applied

1. Photographs of individuals shall not be published on the website without the express permission of the individual.
2. Photographs taken off the website will be deleted and no copy of the photograph shall be retained by the PC.
3. Documents provided by external groups (e.g. village news) and re-published on our website are done so under the understanding that the external group have a lawful basis (consent or other) through their own data protection checks.

5/ SUBJECT: Electoral roll provided by Principal Authority

Elections
Names, address, marital status; principal authority
All Parish residents
Compliance with legal obligation

1. Clerk to retain in a secure place.
2. Electoral roll not to be shared with any other person.
3. Members of the public to be directed to Principal Authority for any electoral roll queries.

6/ SUBJECT: Minutes matters raised by members of the public at meetings

Maintained and published in accordance with Local Government legislation
Names and possibly other information
Residents/members of the public
Compliance with legal obligation; public interest

1. Every effort should be made to avoid inclusion of personal data in agenda or minutes. Where personal data or potential identifiers cannot be avoided, these should be kept to a minimum.
2. Members of the public who attend the public forum or the annual meeting should be informed by the Chair that the issue may be included in public minutes, and should give their consent to personal data where necessary before the discussion (consent to be implied as Chair gives the members of the public the chance to withdraw from the meeting if they wish).

7/ SUBJECT: Suppliers of Services

Carrying out contracting work and services required by the Council;
Names, contact details, qualifications, financial details, details of certificates and diplomas, education and skills; provided in contract applications etc
Contractors/Trades persons surveyors, architects, builders, suppliers, advisers, payroll processors
Contractual necessity; Public task

1. Copy to be retained on PC laptop, held by Clerk in a secure place, for life of contract or while the business remains a potential supplier.
2. Quotes, purchase orders, invoices, etc to be retained in accordance with statutory requirements (usually 6 years but 40 for insurance).

8/ SUBJECT: Residents asked to perform actions (eg trim trees or hedges)

In response to requests made at PC meetings.
Names, addresses and possibly other personal data provided by residents
Residents/members of the public
Compliance with legal obligation; public task

1. Copy to be retained on PC laptop, held by Clerk in a secure place, for a maximum of two years.
2. Information shall not be shared with any third party without express permission of the data subject.

9/ SUBJECT: Customers and grant applicants

To receive services from the Parish Council
Contact and billing details, accounts
Customers and grant applicants
Contract, legal obligation

1. Maximum of 6 years for accounts.

10/ SUBJECT: Employees and applicants

To manage applications, contracts, PAYE, and performance review.
Applications, References, Bank details, pension, sickness, performance
Employees and applicants
Legal obligation, contract

1. Information to be retained in accordance with statutory requirements (6 years post employment).
2. Names will be retained for historical public record.

11/ SUBJECT: Councillors and applicants

Clerk retains contact details/gathered for election purposes/published in accordance with Transparency Code and Code of Conduct
Name, address, contact details, and disclosable pecuniary interests
Parish Councillors
Compliance with legal obligation; Public task

1. Details will be published on website in accordance with statutory requirements.
2. Data will be held by Clerk, on the PC laptop, and details other than name will be deleted within 6 months of when a councillor retires from office. Names will be retained for historical public record.
3. Requests for this data from third parties shall be referred to the website.

12/ SUBJECT: Any other personal data

Personal data which comes under the control of the PC which does not fit into any of the categories above
Names, addresses and possible other personal data.
Public interest

1. Clerk to process the data in accordance with the data protection principles, always ensuring that personal data is stored securely and not shared with any third party without the express permission of the data subject.
2. Clerk may need to bring report to Council to determine the way in which the data should be controlled.

Other related documents are: General Privacy Notice, Data Protection Policy.

For information on how the council keeps data safe refer to the IT Security Policy.

Version history

June 2018 first version. Approved June 2018.