Data Protection Policy
The 1998 Data Protection Act came into force from 1 March 2000. Wirksworth Town Council supports the objectives of the Act and will comply with it.
The purpose of this Policy Statement is to formalise the position of the Council and state its commitment to maintaining confidentiality of personal information within its record systems. Detailed guidelines are attached as an appendix.
The obligations contained in this Policy Statement apply equally to both Council Members and Employees.
Definitions Personal Data:
any data that relates to a living individual who can be identified from that data. This includes any expression of opinion about the individual and any indication of the intentions of the Council in respect of the individual.
in relation to information or data, means obtaining, recording or holding the information or data or carrying out set operations on it, including disclosure.
an individual who is the subject of personal data.
Wirksworth Town Council is committed to maintaining the strictest level of confidentiality for any personal data it is responsible for processing. The Council will only process or disclose Personal data for purposes necessary for official Council business and that we have notified to the Data Protection Commissioner. The Council will adhere to the principles outlined in the 1998 Data Protection Act for processing that data.
The Council will design computer and manual systems to comply with the principles of the Data Protection Act and will train staff involved in processing personal data accordingly. The eight principles are:
- Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless:-
at least one of the conditions in Schedule 2 is met, and
in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
- Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose or purposes shall not be kept for longer than necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of data subjects under this Act.
- Appropriate technical and organisational measures shall be taken be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside of the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
The Council carries out its affairs in an open manner. Apart from exceptional circumstances as outlined in the Act, we will make information about a data subject available to them, upon request, in an intelligible form.
Where a data subject asks the Council for access to data, the request must come with a fee set by the Council, in accordance with the Act.
The Council will try to hold only the minimum data necessary to perform its business, and will erase or destroy the data in such a manner that confidentiality is maintained. We will try to ensure that data is accurate and up to date, and correct inaccuracies without unnecessary delay.