Data protection
This element of the Records Management Plan is about how we manage records containing personal data.
Introduction
The Council recognises that the Data Protection Act 2018 and the UK GDPR place a number of obligations on the authority, and our Data Protection Policy sets out how we will meet and comply with our obligations. The Council is registered with the Information Commissioner's Office under registration number Z7145991.
Compliance
The Council recognises the importance of ensuring that the public understand how personal information is used and held. We've published specific information on our website for residents of East Renfrewshire on how we manage their personal data. Information is included below.
Data Protection e-Learning training is compulsory for all employees, ensuring that each employee is aware of their obligations and to how contact the Council's Data Protection Officer in the event of a data protection breach. In addition to e-Learning, courses tutor led courses are available for our employees in areas such as Information Rights and Data Protection Impact Assessments.
Many of the elements of this Plan have a direct impact on the Council's responsibilities regarding data protection, and measures such as the corporate records retention schedule and information security procedures, for example, ensure that personal and sensitive data is accurate, only held for as long as necessary and processed fairly and lawfully.
Improvement actions and review
Policies and Procedures are updated as appropriate.
Responsible officer
Data Protection Officer
Documents
- Data Protection Policy (PDF, 892 KB)
- Information about Data Protection
- Privacy Policy and Service Privacy Notices
- Make a Subject Access Request
- Contact the Data Protection Officer
- View internal policies and procedures in place to comply with Data Protection.
