High level statement - Implementation of GDPR Principles
The following is intended to provide a summary of activities of the Council to ensure that its management of personal data adheres with the principles of GDPR. These principles require that personal data shall be:
· Processed lawfully, fairly and in a transparent manner.
The Council has developed a transparency programme to endeavour to ensure that at the earliest practical point in the collecting or processing of personal data that the individual is provided with written details, or made aware of how to access, a written statement of their privacy rights. This is in the form of a Privacy Statements that are available on our website, at our public counters and with our application forms. Means to access information on your privacy rights should also be notified to you when you communicate with our employees by email or over the phone, where personal data is involved.
· Collected for specified, explicit and legitimate purposes
The Council base personal data processing on lawful processing conditions, set out in Article 6 of the GDPR. The basis and purpose of the processing will be stated in our Privacy Statements relevant to the process or application forms that you are using.
· Adequate, relevant and limited to what is necessary for the purpose for which it was obtained
The Council endeavour to ensure that personal data sought is minimal and aligned to the purpose or activity for which it is required.
It should however be noted that staff may be required, from time to time, to collect process and use certain types of personal data to comply with regulatory or legislative requirements or to carry out functions in the public interest. This may extend to sharing or disclosure of personal data to other bodies to comply with our statutory obligations. Sharing of data specific to a process or activity will be stated in our Privacy Statements.
· Accurate and, where necessary, kept up to date
The Council will provide reasonable opportunities for individuals to ensure personal data that is inaccurate can be deleted or corrected as required.
In practical terms this can often relate to changes in customers addresses and contact details. If you find that personal data we have about you is inaccurate or needs to be updated (for instance, you may have changed your name, address, contact details etc.) then please contact us so that we can correct it.
You can do this by:
Writing to us at: Wicklow County Council, County Buildings, Wicklow, Co Wicklow, A67FW96
Emailing us at: firstname.lastname@example.org
Please note that to help protect your privacy, we take steps to verify your identity before granting access to personal data. When making a request to update your records please provide evidence to support this - for example a copy of a document containing your new address – utility (Gas, Electricity, Phone) bill etc. and proof of your identity.
· Kept only for as long as is necessary for the purposes for which it was obtained.
The National Retention Policy for Local Authority Records is under review. The revised Policy will provide information on the criteria for determining retention, archival and deletion or end dates for Council records in all the functions it operates. Links to the Policy will be provided in our Privacy Statement and updated as the Policy is renewed.
· Processed in an appropriate manner to maintain security
The Council, taking into account the nature, scope, purposes and related risks of processing, employ appropriate physical, technical and organisational measures to secure personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage. There are a range of internal policies, controls and practices supporting this principle and reducing risks to the data from the point of collection to the point of destruction. We also maintain data security by protecting the confidentiality, integrity and availability of the personal data, defined as follows:
- Confidentiality means that only people who are authorised to use the data can access it.
- Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.
- Availability means that authorised users should be able to access the data if they need it for authorised purposes.
- In addition the Council provide support, assistance, advice and Data Protection Awareness training, which includes physical and IT security training for staff to ensure compliance with the legislation, and to ensure a secure environment for your personal data.