The General Data Protection Regulation (“GDPR”) took effect in the UK from 25 May 2018. It replaces the existing law on data protection (the Data Protection Act 1998) and gives individuals more rights and protection regarding how their personal data is used by councils. Local councils and parish meetings must comply with its requirements, just like any other organisation.
The new six principles:
The GDPR has a number of underlying principles. These include that personal data:
1. Must be processed lawfully, fairly and transparently.
2. Is only used for a specific processing purpose that the data subject has been made aware of and no other, without further consent.
3. Should be adequate, relevant and limited i.e. only the minimum amount of data should be kept for specific processing
4. Must be accurate and where necessary kept up to date.
5. Should not be stored for longer than is necessary, and that storage is safe and secure.
6. Should be processed in a manner that ensures appropriate security and protection.
Unless subject to an exemption under the GDPR, the following rights with respect to personal data apply: –
- The right to request a copy of your personal data which the Data Controller holds about you;
- The right to request that the Data Controller corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for the Data Controller to retain such data;
- The right to withdraw your consent to the processing at any time
- The right to request that the Data Controller provide you with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable)
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
- The right to lodge a complaint with the Information Commissioners Office.
The Parish Council has published on this website its policy on the privacy of the personal data it holds in its Privacy Notice.
Personal data which had been collected by Clifton upon Dunsmore Parish Council will be used with the consent of the subject and stored and disposed of in accordance with its Data Management Policy 090418 adopted in April 2018 and its Document retention and disposal policy 030418, adopted in January 2018
The Parish Council has undertaken an analysis of all the type of personal data it holds, its legal basis for holding it and for what purpose it is held; as required by the GDPR. The document produced following the analysis is called the Internal Register of Data Processing Activities. It can be viewed here: Register of internal data processing activities 030418
Access to your personal information
Individuals have a right to ask what personal information we hold about you, and receive a copy. This right is a ‘subject access request’. Subject to exemptions, we should supply that information within 30 calendar days of receiving a valid request. You will normally need to provide proof of your identity for a request to be valid. There may be reasons why we refuse to supply part of the information you have asked for. But we will write to you giving our reasons for refusal. We may have to remove or redact some information that relates to other people.
We ask that you provide as much detail as possible such as:
- your full name and current address;
- contact email and phone numbers;
- any previous names and contact addresses;
- date of birth;
- proof of identity.
Proof of identity should be two official documents which show your date of birth, name and current address on it (separately or when combined) such as a current drivers licence, current passport, utility bill, council tax bill etc (we can’t accept birth certificates). Please do not send original documents, good quality copies are adequate if you are uploading via email or sending by post – note we will not return these. The 30 days for a response will start from the day after we receive these.
If you wish, you can appoint someone you trust to act on your behalf. If you are applying to see someone else’s records you will need to enclose their signed permission or other legal documentation (e.g. Parental rights or Power of Attorney) to confirm their request.
All correspondence should be addressed to THE DATA CONTROLLER: Clifton Upon Dunsmore Parish Council. c/o 24 Harebell Way Rugby Warwickshire CV23 0TT. firstname.lastname@example.org www.cliftonupondunsmore.org.uk
FREEDOM OF INFORMATION ACT 1998
Clifton upon Dunsmore Parish Council has adopted the Information Commissioner’s Model Publication Scheme and has published the following guide to information available under the scheme.
This document lists information which is available from the Parish Council.
The Publication Scheme (as at 10 August 2015) can be found here – Clifton upon Dunsmore FOI Publication Scheme 2105
We aim to publish as much information as we can online. However, some items are only available in print. You should be aware that the Council is entitled to withhold certain information.
Follow this link for full details about the Freedom of Information Act
You can use the form below to make a request under the Freedom of Information Act, but please check the disclosure log to see whether your query has already been raised before and the information is available.