Data protection and privacy

UK GDPR principles

We must ensure we abide by the seven principles of the UK GDPR to ensure personal information is:

  1. Used in a lawful, fair and transparent way
  2. Collected for specified, explicit and legitimate purposes and not used in an incompatible way
  3. Adequate, relevant and limited to what is necessary
  4. Accurate and where necessary kept up to date
  5. Kept in a form that identifies someone for no longer than is necessary
  6. Used in a manner that ensures appropriate security
  7. We are also responsible for, and must be able to demonstrate, compliance with these principles.

Demonstrating compliance includes:

  • Adopting and implementing Data Protection policies
  • Taking a ‘Data Protection by Design and Default’ approach
  • Putting written contracts in place with organisations that process personal data on our behalf
  • Maintaining documentation of our processing activities
  • Implementing appropriate security measures
  • Recording and, where necessary, reporting personal data breaches
  • Carrying out Data Protection Impact Assessments for uses of personal data that are likely to result in high risk to individuals’ interests
  • Appointing a Data Protection Officer, and
  • Adhering to relevant codes of conduct and signing up to certification schemes.