The EU General Data Protection Regulations (GDPR) came into effect on 25th May 2018 and represented an upgrade of existing privacy legislation, responding particularly to new technologies.
GDPR applies to the processing of personal data by automated and/or manual means, in some form of filing system. Processing is any operation on that data, such as collection, storage, alteration or disposal.
Personal data is any information relating to an identifiable living person, known as the ‘data subject’ and could include information relating to:
name, address, membership no. email, phone no. or date of birth, which would identify that person.
Data held by Belstone Parish Council
Belstone Parish Council holds very little personal data on individuals.
Nevertheless, under the new data laws the public have enhanced freedoms and rights which the Parish Council will observe in all it’s future activity.
The Parish Council will not hold any personal data on individuals that it has not been provided with by that/those individual(s). Should there be any processing of this data, a record will be kept of that personal data processing activity.
Contact information relating to Parish Councillors, who are publicly elected individuals, will however be available on the Belstone village website.
The Protection of Personal Data held by the Parish Council
- Right to be informed – The Parish Council will tell those individuals whose personal data is kept in parish records, what we are doing with that data. Such data will be kept to a minimum. Advance consent will always be sought before any information is sent out to the individuals concerned.
- |Right of access – If asked, we will provide people with the personal information we have about them. We will only keep that data for as long as is strictly necessary and then it will be deleted/ disposed of appropriately. Financial data will be kept for as long as the relevant financial regulations require. All other data, such as letters and emails will be kept for 12 months.
- Right to rectification – If personal data held by the Parish Council is proved to be incorrect, we will amend it accordingly.
- Right to restriction – If required, we will cease processing any personal data we have on an individual.
- Right to erasure – We will delete any personal data we hold, upon request, other than information that is already in the public domain for other purposes.
- Right to object – If an individual objects to any processing of their personal data by the Parish Council, including the passing on of such data to others, the Parish Council will adhere to that request. Any processing of data will only be for a specific and reasonable purpose.
A Personal Data Breach
We will always treat personal data with care and respect and keep it safe via a double lock system – password protected/in a locked cabinet and a locked room, not accessible to the public. If however, there is a breach of any of the above rights (plus any others listed in legislation), the Information Commissioner will be notified within 72 hours of the breach being discovered.