GDPR & DPA - New Data Protection Legislation from 25th May 2018
General Data Protection regulation (GDPR) is an EU regulation.
It came into effect 25th May 2018, in-conjunction with the Data Protection Act 2018 which received Royal Assent and also became operative from 25th May also, replacing the 1998 Act.
Thurlaston Parish Council have taken the following steps to ensure implementation and compliance to the new Act:
Awareness – raised awareness of the changes through regular
Training - ALL Parish Councillors have undertaken training relating specifically to GDPR.
Data Audit– Completed - what do we have, where do we have it, why do we have it, how long do we have it for etc?
Privacy information – Privacy Notices – prepared new notices taking into account the new requirements
Individual rights – processes/policies reviewed to ensure compliance – updated them to ensure that they support the new rights and that you can deal with any requests effectively
Subject Access Requests –SAR policies/procedures introduced to take note of new requirements – no longer charging a fee, additional information to be provided, purpose is to verify lawfulness of processing
Lawful basis for processing data – Data Audit has identified all the reasons why we process data and records the legal basis for doing so.
Consent – revised Consent Form introduced to ensure that we meet the requirements under GDPR.
Data breaches –New policies/procedures around handling data breaches so that we are able to notify the ICO within 72 hours if necessary.
Privacy by Design and Privacy Impact Assessments – Current processes are OK with annual reviews scheduled.
GDPR & DPA Policies and procedures adopted by Thurlaston Parish Council
GDPR - Data Retention Policy (Word Document, 827 Kb)
GDPR - Data Retention Policy adoption version June 2018
GDPR - Data Protection Privacy Policy (Word Document, 825 Kb)
GDPR - Data Protection Privacy Policy adoption version June 018
GDPR - General Privacy Notice (Word Document, 829 Kb)
GDPR - General Privacy Notice adoption version June 12018
GDPR - Policy Data Breach (Word Document, 823 Kb)
Data Breach Policy adopted version June 2018
GDPR - SAR Policy (Word Document, 833 Kb)
GDPR - SAR Policy adoption version June 2018
GDPR - Consent Form (Word Document, 824 Kb)
GDPR - Consent Form adoption version June 2018