On 25 May 2018, the General Data Protection Regulation (GDPR) will

come into full force. In addition, the Data Protection Bill will

effectively adopt GDPR directly into English law. The new Act will

therefore have three main themes:

•           Extending the scope of data regulation

•           Empowering individuals to have greater control over their own data

•           Building privacy into products and services

•           Imposing big sanctions for non-compliance

Members considered a report on progress at the January meeting and this

report provides a further update. The Council has continued to make

progress towards introducing GDPR compliant measures in time for the

new law coming into effect in three months’ time.

Members were asked to consider and adopt a raft of policies to ensure

compliance with new data protection legislation.

Mr Devonald, presented summary of the report to the members of the committee.

The Chair asked for a reminder to be sent to all Members to complete the GDPR on-line training.

A training session for all members to be held before the GDPR enforcement date of 25th May 2018.

Cllr Hubbard requested that the link to be re-sent to her.

Cllr Mrs McKinlay  MOVED  and Cllr Kerslake  SECONDED  the recommendations in the report and following a full discussion a vote was taken on a show of hands and it was RESOLVED UNANIMOUSLY.

1.         That the attached updated compliance action plan (Appendix A), be approved to enable officers to roll out effective GDPR compliance across the Council by 25 May 2018.

2.         That Members note and approve the following additional revised and updated policy documents:

•           Data Protection Policy;

•           Data Breach Policy;

•           Consents Policy;

•           Data Processing Impact Assessments Policy;

•           Privacy Notices Policy; and

•           Clear Desk Policy,

with delegated authority granted jointly to the Head of Legal

Services and the Senior Information Risk Officer to revise and

update once the details of the new Data Protection Act are known.

Reasons for Recommendation

Members have approved a compliance action plan and project plan. This

is a complex, council wide project so that some dates for

action/completion under the project plan are subject to change for

operational reasons. In addition, the law in terms of a new Data Protection

Act is not yet enacted and further changes to the detail may be possible.

This will not affect the overall projected completion date of 25 May 2018,

though some on-going work will be necessary.

Specific work flows will be developed following receipt of council-wide

responses to a questionnaire which has been sent out to all departments,

along with guidance notes and other documents. This is vital to capture all

information necessary to ensure compliance in all areas in due course,

both hard copy and electronic. The deadline for responses is 12th March.

After that we will analyse the information and categorise it. A programme

of review and deletion of outdated material will then follow. Specific GDPR

training will be put in place for both officers and Members to complete

over the coming months.