Data Protection Policy

This Policy applies to all employees, Councillors, and processors. This procedure impacts residents and service users of the council.

Effective Date:

13 April 2026

Review Date:

13 April 2028

Author:

Governance Policy Officer

Policy Owned by:

Assistant Director (Legal and Governance)

Statute:

UK General Data Protection Regulations

Data Protection Act 2018

Data Use (and Access) Act 2025

National Standards and Guidance

Data Protection Principles ICO Guidance

Lawful basis for processing ICO Guidance

Privacy Notice Statement ICO Guidance

Personal Information Rights ICO Guidance

Data use (and Access) Act 2025 ICO Guidance

Related Policies

Information Request Policy

Personal Information Risk Assessment Procedure

Privacy Notice Statement

Acceptable Use Policy for Information & Communications Technology

1.1      This policy outlines Welwyn Hatfield Borough Council’s obligations and approach to complying with UK General Data Protection Regulations (GDPR), Data Protection Act 2018 (DPA), and Data Use (and Access) Act 2025 (DUA). 

1.2      This policy outlines the internal practices that Council employees and Councillors must follow. Third parties such as contractors or partners would either be expected to confirm adherence to this policy or satisfy the Council that arrangements are in place to comply with data protection requirements and best practice.  

1.3      This policy outlines the expectations and rights of the Council’s service users, residents, employees, Councillors, contractors and partners.