Resident Engagement & Governance – Minutes – 22 November 2019
3 DATA PROTECTION UPDATE – The Director: Governance and Partnerships submitted a report providing an update on the Council’s arrangements for implementing and complying with data protection regulations.
The Data Protection Act (DPA) 2018 set out the framework for data protection law in the UK. It updated and replaced the Data Protection Act 1998 and came into effect in May 2018. The DPA 2018 sat alongside the European General Data Protection Regulation (GDPR) and tailored how it applied in the UK.
Both the GDPR and DPA were designed to respond to the challenges of modern communication, data use and information sharing by introducing changes that strengthened an individual’s rights over how their personal information was used. Organisations controlling and processing personal data were faced with increased accountability and compliance obligations.
The key data protection principles with which organisations were required to comply were detailed at paragraph 2.3 of the report.
An action plan to implement the GDPR/DPA was developed based on the “12 Steps to Compliance” guidance produced by the UK regulator, the Information Commissioner’s Office (ICO). The key actions completed were detailed at paragraph 2.4 of the report.
The Council’s preparedness for GDPR was independently assessed shortly after its implementation in 2018. A subsequent audit was undertaken to review compliance after 12 months. Both assessments concluded with a satisfactory assurance/low risk opinion.
Implementation of GDPR was subject to ongoing guidance from the ICO and evolving case law. A continuous improvement action plan had been developed to ensure that the Council remained compliant with the regulations.
Resolved – That the Council’s progress and arrangements for complying with relevant data protection regulations be noted.