GDPR & DPA - New Data Protection Legislation from 25th May 2018

General Data Protection regulation (GDPR) is an EU regulation.

It came into effect 25th May 2018, in-conjunction with the Data Protection Act 2018 which received Royal Assent and also became operative from 25th May also, replacing the 1998 Act.

Thurlaston Parish Council have taken the following steps to ensure implementation and compliance to the new Act:

Awareness – raised awareness of the changes through regular

Training - ALL Parish Councillors have undertaken training relating specifically to GDPR.

Data Audit– Completed - what do we have, where do we have it, why do we have it, how long do we have it for etc?

Privacy information – Privacy Notices – prepared new notices taking into account the new requirements

Individual rights – processes/policies reviewed to ensure compliance – updated them to ensure that they support the new rights and that you can deal with any requests effectively

Subject Access Requests –SAR policies/procedures introduced to take note of new requirements – no longer charging a fee, additional information to be provided, purpose is to verify lawfulness of processing

Lawful basis for processing data – Data Audit has identified all the reasons why we process data and records the legal basis for doing so.

Consent – revised Consent Form introduced to ensure that we meet the requirements under GDPR.

Data breaches –New policies/procedures around handling data breaches so that we are able to notify the ICO within 72 hours if necessary.

Privacy by Design and Privacy Impact Assessments – Current processes are OK with annual reviews scheduled.

GDPR & DPA Policies and procedures adopted by Thurlaston Parish Council