Professional Documents
Culture Documents
a) The Parish Council is registered with the Information Commissioner’s Office (Registration reference:
A8257940) for the period 21-03-2018 to 20-03-2019. The registration has to be renewed annually. The GDPR
th
regulations come into force on the 25 May 2018.
c) The Parish Council is the Data Controller and the Data Processor for the personal information it holds and
uses. The clerk is the Data Protection Officer. The office of DPO is not a requirement of GDPR for small
councils but is regarded as good practice.
e) The lawful basis for holding and processing the data is:
I. Legal obligations:
For councillors – information to do with financial and pecuniary interests
For councillors – attendance at PC meetings
Minutes and PC financial records (to be retained in perpetuity)
II. Official authority:
Personal data of parishioners in order to communicate agendas and minutes of PC meetings and audit
requirements
Information about planning applications and appeals
Electoral roll
Correspondence from parishioners
III. Contractual:
Information about invoices and suppliers
New Hutton Parish Field agricultural tenancy
IV. Public interest:
Personal data for the occasional communication of information which might affect the parish from public
bodies such as the police, fire brigade, Cumbria County Council Highways and SLDC.
V. Legitimate interest:
This is the most appropriate basis when:
the processing is not required by law but is of a clear benefit to recipients;
there is a limited privacy impact on the individual;
the individual should reasonably expect their data to be used in that way; and
recipients will not want to be bothered with disruptive consent requests when they are unlikely to object to
the processing.
The Parish Council has resolved, therefore, that legitimate interest is the lawful basis on which personal data
can be used for the occasional communication of information such as events at the Institute and church,
notification of litter picking, and reports about the progress of the broadband project.
f) The Parish Council uses personal data for some or all of the following purposes (parish councils have been
advised to include all these in their list even though many purposes will not apply to them):
To deliver public services including to understand parishioners’ needs, to provide the services they request
and to inform them of other relevant services;
To confirm identity to provide some services;
To contact parishioners by post, email, telephone or using social media (e.g., Facebook, Twitter, WhatsApp);
To help the council build up a picture of how it is performing;
To prevent and detect fraud and corruption in the use of public funds and where necessary for the law
enforcement functions;
To enable the council to meet all legal and statutory obligations and powers including any delegated functions;
To carry out comprehensive safeguarding procedures (including due diligence and complaints handling) in
accordance with best safeguarding practice from time to time with the aim of ensuring that all children and
adults-at-risk are provided with safe environments and generally as necessary to protect individuals from
harm or injury;
To promote the interests of the council;
To maintain the council’s accounts and records;
To seek parishioners’ views, opinions or comments;
To notify parishioners of changes to facilities, services, events and staff, councillors and role holders;
To send parishioners communications which have been requested by them and that may be of interest to
them. These may include information about campaigns, appeals, other new projects or initiatives;
To process relevant financial transactions including grants and payments for goods and services supplied to
the council
To allow the statistical analysis of data so in order to plan the provision of services.
Your information is stored securely, and it will be used only for Parish Council purposes and to communicate
information of general interest to the parish. If at any time you wish to stop receiving these emails or have your contact
details changed, simply reply to me, the parish clerk, to tell me and I will make the change as soon as practically
possible.
j) Data breaches:
The Information Commissioner’s Office will be notified of a data breach where it is likely to result in a risk to the
rights and freedoms of individuals – if, for example, it could result in discrimination, damage to reputation, financial
loss, loss of confidentiality or any other significant economic or social disadvantage. Where a breach is likely to
result in a high risk to the rights and freedoms of individuals, they will also be notified directly in most cases.
l) The GDPR procedures and policy were approved by the Parish Council on 26-04-2018.