General Data Protection Regulation 2018
also referred to as GDPR
The General Data Protection Regulation (GDPR) is a new regulation which has been incorporated into the Data Protection Act (DPA) 2018.
It strengthens the previous Data Protection Act 1998 (DPA) and will give individuals more rights and protections as it sets out the requirements for how all organisations handle personal data.
GDPR applies to personal data which covers any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
GDPR requires personal data to be processed in a manner that ensures its security. This must include protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
GDPR requires organisations to have a valid basis in order to process personal data.
There are six lawful bases for processing data and the Parish Council will ensure that it uses the basis the most appropriate when processing such data.
Lawful Basis for Processing Data:
For more details on the lawful basis used by Stradbroke Parish Council for processing personal data please click here>>>
(or go to Statutory Information page via About Us tab)
GDPR creates some new rights for individuals and strengthens some of the rights that currently exist under the DPA.
The following are rights for individuals:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.
A copy of the retention periods for all data, including personal data, Stradbroke's Data and Document Retention Policy can be seen here>> (or go to Statutory Information page via About Us tab)
GDPR introduces the ‘right of access’ for individuals and data subjects will have the right to request:
the reasons why their data is being processed;
the description of the personal data concerning them;
anyone who has received or will receive their personal data; and
details of the origin of their data if it was not collected from them.
A Subject Access Request (SAR) is a request for personal information that the Parish Council may hold about an individual. If an individual wishes to exercise their subject access right, the request must be made in writing. The purpose of a SAR is to make individuals aware of and allow them to verify the lawfulness of processing of their personal data. Under GDPR and the current Data Protection Act (DPA), individuals have the right to obtain confirmation as to whether personal data is being processed.
Stradbroke's Subject Access Request Policy (also available on the Statutory Information page via About Us tab)
Privacy notices can be read on via the statutory information page on the About Us tab or by following this link