The General Data Protection Requirement (GDPR) came into law on 25th May 2018.
It replaced the existing law on data protection (the Data Protection Act 1998) and gives individuals more rights and protection regarding how their personal data is used by councils. Smeeth Parish Council must comply with its requirements, just like any other organisation.
Under the requirements of the GDPR personal data must be processed lawfully, fairly and transparently; collected for specified, explicit and legitimate purposes; be adequate, relevant and limited to what is necessary for processing; be accurate and kept up to date; be kept only for as long as is necessary for processing and be processed in a manner that ensures its security.
At its meeting on 11th July 2018 Smeeth Parish Council adopted its Data Protection Policy which explains the duties and responsibilities of the council and it identifies the means by which the council will meet its obligations.
The Parish Council’s Policy and reporting forms can be downloaded here.
SPC_GDPR_fileThe Parish Council’s Privacy Notice can be separately downloaded here.
Privacy notice_SPC