In accordance with the EU General Data Protection Regulations 2018 we confirm the following;
- Any information received by email through this web site will be solely used to reply to your enquiry and will not be forwarded without your permission.
- You are at any time welcome to request a copy of your email until it is deleted once your enquiry is satisfied. All email records are deleted annually.
- We will not share or pass on any details from your email to any third parties.
- This site does not collect cookies.
- If you require your name or any personal details removed from minutes, previous minutes or agendas, please contact the clerk by email regarding this: email@example.com
Unless you have specifically told your browser not to accept cookies, almost all websites place cookies on your devices. This is not in itself a security or privacy issue.
However, cookies can be used by some systems to, for instance track your web usage to work out which advertisements to show you, or gain information about your social networking usage. If you worry that this impinges on your privacy, search for ‘block all cookies’ or view this page for an idea of how to tell your browser not to allow them.
If you do this you may find that some websites will not work for you at all, or on others some functionality, like shopping baskets may not work.
The Michaelstow Council website stores very limited information about our site visitors. However we do use some external services which may store data about you. We list what we store and the external services we use below.
- We have provided an email contact address for the parish clerk. The details you send in an email are passed to us by email but not stored on the website. We will retain the emails sent to us this way and may use your contact details to respond to you about your enquiry.
If you have any queries about our use of your data please use the contact details you can find on the website.
CALC Summary of GDPR:
1. Who is the Data Controller? – the Council is the Data Controller and is required to establish policy and procedures to protect the personal, attributable data which it holds. The Council will need to register with the Information Commissioner’s Office (ICO). Individual councillors may be data controllers in their own right if they keep personal information in their own archive.
2. Who is the Data Processor? – anyone that uses the information on behalf of the council i.e. HMRC, NDP Steering Group
3. What is personal data? – it is anything which you hold where the individual can be recognised and relates to them personally. This includes
a. Personnel files for your clerk and other staff
b. Contact details of individual members and organisations in your community
c. Contractors and other suppliers
d. Survey results i.e. Neighbourhood Plans, Housing Needs surveys etc where you can identify the individual. If you have added an email address to keep in touch or similar.
4. How can the council use the data – you can only use it when you have consent from the individual to use it and are restricted to only using it for that single function. Therefore you cannot gather names and emails addresses through a village mailing list and use this for the NDP consultation. Individuals will have a right to be forgotten and you must have a clear plan of how long you intend to keep data and when it has been destroyed.
5. Who is the regulator? – the Information Commissioner will oversee the regulations and may levy fines for the mismanagement of information. The ICO has confirmed that provided local councils are seen to be working towards compliance, it will be a fair and proportionate regulator.
6. Who is accountable under the regulations? Any data controller will be accountable for their actions. Under the new GDPR individual councillors are responsible for complying with the regulations if they hold personal data. They will be accountable under the act for any breaches of the regulations and personally liable for any prosecution brought against them as an individual.
What must you do to comply?
i) Establish a plan for working through the requirements. Delegate a number of councillors or a committee to work through the requirements and get started on the work towards compliance.
ii) Audit the data you hold and only keep that which you need. Make sure that the council has a clear understanding of the information which it keeps and for how long? You will not need to keep anything which someone elsehas. Individual councillors should return anything which is no longer needed or would be unlawful for them to hold. The GDPR regulations remove the ability to keep personal data ‘just in case’ anda council should consider how it handles confidential information.
iii) Register with the Information Commission as a data controller. It will cost you up to £55 depending on the size of your organisation.
iv) Review the council’s use of email for circulation of correspondence. Learn to use the bcc function for emails and if in doubt always get the correspondent’s permission to share their email/letter before distributing it.
Data Protection Officer
The Government has confirmed that local councils are no longer required to have a Data Protection Officer but that all of the functions of the role remain and are still compulsory. In practice this means that there is no requirement to appoint to the title but the work must still be covered.
CALC has prepared a number of templates to help the Council as a data controller to manage its responsibilities. We are working with the Information and Governance team at Cornwall Council to provide a clear suite of documents and guidance to support your council. These will be available as soon as the final regulations have been confirmed.