Information & Data Protection Policy
In order to conduct its business, services and duties, Gurnard Parish Council processes a wide range of data, relating to its own operations and some which it handles on behalf of partners. In broad terms, this data can be classified as:
Data shared in the public arena about the services it offers, its mode of operations and other information it is required to make available to the public.
Confidential information and data not yet in the public arena such as ideas or policies that are being worked up.
Confidential information about other organisations because of commercial sensitivity.
Personal data concerning its current, past and potential employees, Councillors, and volunteers.
Personal data concerning individuals who contact it for information, to access its services or facilities or to make a complaint.
Gurnard Parish Council will adopt procedures and manage responsibly, all data which it handles and will respect the confidentiality of both its own data and that belonging to partner organisations it works with and members of the public. In some cases, it will have contractual obligations towards confidential data, but in addition will have specific legal responsibilities for personal and sensitive information under data protection legislation.
This Policy is linked to our Quality Policy and ICT Policy which will ensure information considerations are central to the ethos of the organisation.
The Parish Council will periodically review and revise this policy in the light of experience, comments from data subjects and guidance from the Information Commissioners Office.
The Council will be as transparent as possible about its operations and will work closely with public, community and voluntary organisations. Therefore, in the case of all information which is not personal or confidential, it will be prepared to make it available to partners and members of the Parish’s communities. Details of information which is routinely available is contained in the Council’s Publication Scheme which is based on the statutory model publication scheme for local councils.
Protecting Confidential or Sensitive Information Gurnard Parish Council recognises it must at times, keep and process sensitive and personal information about both employees and the public, it has therefore adopted this policy not only to meet its legal obligations but to ensure high standards.
The General Data Protection Regulation (GDPR) which became law on 25th May 2018 and like the the Data Protection Act 1998 before, seek to strike a balance between the rights of individuals and the sometimes, competing interests of those such as the Parish Council with legitimate reasons for using personal information.
The policy is based on the premise that Personal Data must be:
• Processed fairly, lawfully and in a transparent manner in relation to the data subject.
• Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
• Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
• Accurate and, where necessary, kept up to date.
• Kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
• Processed in a manner that ensures appropriate security of the personal data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Data Protection Terminology
Data subject – means the person whose personal data is being processed.
That may be an employee, prospective employee, associate or prospective associate of BTC or someone transacting with it in some way, or an employee, Member or volunteer with one of our clients, or persons transacting or contracting with one of our clients when we process data for them.
Personal data – means any information relating to a natural person or data subject that can be used directly or indirectly to identify the person.
It can be anything from a name, a photo, and an address, date of birth, an email address, bank details, and posts on social networking sites or a computer IP address.
Sensitive personal data – includes information about racial or ethnic origin, political opinions, and religious or other beliefs, trade union membership, medical information, sexual orientation, genetic and biometric data or information related to offences or alleged offences where it is used to uniquely identify an individual.
Data controller – means a person who (either alone or jointly or in common with other persons) (e.g. Parish Council, employer, council) determines the purposes for which and the manner in which any personal data is to be processed.
Data processor – in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
Processing information or data – means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including:
• organising, adapting or altering it
• retrieving, consulting or using the information or data
• disclosing the information or data by transmission, dissemination or otherwise making it available
• aligning, combining, blocking, erasing or destroying the information or data. regardless of the