Data Protection Policy

2.1      The Council will:

a)        Process personal information using appropriate technical measures in compliance with data protection legislations.

b)        Provide data subjects with a privacy notice statement where appropriate.

c)        Outline processing activity with third parties, where an ongoing data sharing relationship exists, in the form of a data sharing agreement or an associated contract.

d)        Assess the involved risks with processing personal information in the form of Data Protection Impact Assessments/Privacy Impact Assessments (DPIA/PIA) and mitigate any identified risks, and adapt these assessments based on any data breaches to prevent repeated incidents.

e)        Maintain a Register of Processing Activity (ROPA) to provide a corporate oversight on how personal information is processed across the organisation and promote compliance with data protection legislations.  

f)          Assess data breaches with an aim to prevent repeated incidents and reduce any potential harm to data subjects.

g)        Process data subject’s right requests within the statutory timeline.

h)        Maintain a record of right requests that allows the Council to review its activity for auditing purposes.

i)          Comply with ICO guidance on data protection legislation and emerging guidance on the Data Use (and Access) Act 2025.