Data Protection Policy

Breckland District Council is committed to protecting the rights and privacy of all people with regard to the processing of personal data.  During the course of our activities we will collect, store and process personal information about our staff, customers, suppliers and other third parties.  We recognise the need to treat personal data in an appropriate and lawful manner and all processing will be conducted in accordance with this policy, the Data Protection Act 2018, the General Data Protection Regulation and any subsequent or amending legislation.

This Policy applies to all employees and members of Breckland District Council.  Any breach of this policy will be taken seriously and serious or persistent Personal Data Breaches may be considered to be a breach of theMember's Code of Conduct or result in disciplinary action.  As a matter of good practice, other agencies and individuals working with the Council, who have access to personal information, will be expected to read and comply with this Policy.

This Policy is open to all internal and external stakeholders and is available to view on theCouncil's website

Users of this policy are encouraged to view further guidance that has been issued by the Information Commissioner's Office ("ICO"). Guidance is available in many discrete areas (such as CCTV, data sharing and subject access rights). These guidance notes can be accessed from the following web page: https://ico.org.uk/for-organisations/guidance-index/data-protection-and-privacy-and-electronic-communications/ (opens in a new window)

The ICO also has a guide specifically about the new General Data Protection Regulation which can be found here:  https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ (opens in a new window)

1. INTERPRETATION

1.1 Definitions

5. LAWFULNESS, FAIRNESS, TRANSPARENCY

5.1 Lawfulness & Fairness, 5.2 Consent, 5.3 Transparency (Notifying Data Subjects)

10. SECURITY INTEGRITY AND CONFIDENTIALITY

10.1 Protecting Personal Data , 10.2 Reporting a Personal Data Breach

13. ACCOUNTABILITY

13.1 Data Controller, 13.2 Record Keeping, 13.3 Training & Audit, 13.4 Privacy by Design & Data Protection Impact Assessment (DPIA), 13.5 Automated Processing (Including Profiling) & Automated Decision- Mailing, 13.6 Direct Marketing, 13.7 Sharing Personal Data