Data protection

This element of the Records Management Plan is about how we manage records containing personal data.


In April 2019 we appointed an Information Governance Officer to carry out the statutory tasks of the Data Protection Officer as set out in data protection legislation and regulations. The independence of the Data Protection Officer role is recognised within the our Scheme of Delegated Functions.


Annual Data Protection Officer reports are presented to the Corporate Management team.

As part of its commitment to strengthen its information governance and data protection management we've developed an Information Governance Framework and as part of its data governance arrangements is working to strengthen its policies and procedures including those relating to data protection.

Our Data Protection Policy was last reviewed in August 2020 and is publicly available on our website. A training framework was introduced in April 2020 covering Fundamentals of Data Protection, Information Rights and Data Protection Impact Assessments.

There's a reasonable level of assurance that we're compliant with its data protection accountability obligations and a good level of assurance that citizens are informed about how their data is processed and how they can exercise their information rights, including contacting the Data Protection Officer. 

Improvement actions and review

The policy will be reviewed every 2 years or to reflect changes in staffing as appropriate.

Work currently underway as part of the Information Governance Framework will strengthen and increase assurance levels and enhance commitment to data protection and governance that supports a coherent, well informed and risk based approach to managing personal data.

Responsible officer

Data Protection Officer



Last modified on 20 May 2021