GDPR Data Protection Policy – 19th February 2019 Hannington Parish Council
Hannington Parish Council complies with the General Data Protection Regulation (GDPR).
GDPR regulates the use of personal data, e.g. the name, address and email of an individual (the data subject).
General Data Protection Regulation
The General Data Protection Regulation sets out the handling of personal information and protecting individuals’ rights for privacy. It also regulates how personal information can be collected, handled and used. The General Data Protection Regulation applies to anyone holding personal information about people, electronically or on paper.
Hannington Parish Council has notified the Information Commissioner that it holds personal data of individuals.
When dealing with personal data, Hannington Parish Council’s Clerk and any Councillor must ensure that they comply with the six principles listed below:
- Personal data must be processed fairly, lawfully and in a transparent manner in relation to the data subject;
- Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
- Personal data must be accurate and, where necessary, kept up to date;
- Personal data must be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed;
- Personal data must be processed in a manner that ensures appropriate security of the personal data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Personal Data Access
Hannington Parish Council recognises its responsibility to be open with people when taking personal details from them. This means that Councillors and Clerk must be honest about why they want a particular piece of personal information.
Hannington Parish Council’s Privacy Notice describes how we use your data and is available on the Parish Council website at www.hannington-hants-pc.gov.uk
Security of Personal Data
Hannington Parish Council may hold personal information about individuals such as their addresses, email addresses and telephone numbers. These are securely kept by the Clerk and Councillors and are not available for public access without the prior permission of the data subject as this would be deemed to be a serious breach of GDPR compliance. All data stored on the Clerk’s computers is password protected.
Disposal of Personal Data
Once data is not needed any more, is out of date or has served its use and falls outside the minimum retention time of our Document Retention Policy, it will be shredded or securely deleted from the computer by the Clerk, as is applicable.
Rights of data subjects to view their data
GDPR provides for the right of a data subject to have access to their personal information (other than regulatory situations which may prevent this) that is held about them via a Subject Access Request addressed to the Parish Clerk. If a person requests to see any data that is being held about them:
- They must be sent all of the personal information that is being held about them;
- There must be an explanation for why it has been stored;
- There must be a list of who has seen it;
- It must be sent within 1 calendar month.
Hannington Parish Council members have individual parish council secure email addresses of the form ‘Cllr.Name@hannington-hants-pc.gov.uk’ all of which are automatically recorded so that there is no confusion about data traceability or who has seen the data. The Parish Clerk has sole access to these recorded emails which can be rapidly searched for the desired subject.
The Parish Clerk, Hannington Parish Council is responsible for ensuring adherence with the General Data Protection Regulations.
The Parish Clerk contact details are on the website at www.hanninton-hants-pc.gov.uk
Information Commissioner: Email: Mail@dataprotection-gov.uk Website: www.dataprotection.gov.uk