Minutes:
The Committee received a presentation from the Principal Information Management Officer, Transformations and Partnerships General Data Protection Regulations (for copy see file of Minutes).
The presentation highlighted the following points:-
· What if the new Data Protection Act?
· Why is it needed?
· What does law deliver?
· GDPR Overview
· Things to consider
· New categories of personal data
· New Data Protection principles
· Things we will need to consider
· What are we doing about it
Councillor Temple asked if the Council used data harvesting for marketing purposes. The Principal Information Management Officer explained that the Council did not trawl through the internet but that we did manage our subscriptions from the public. Councillor Temple further asked if we purchased data for the purposes of markeing and was advise that this was carried out. The Council did use reputable data brokers who would receive consent in the first instance. If someone asked us to stop sending them marketing materials we would do so. Councillor Temple asked what responsibility the Council had when buying information in good fatih, and asked that if the Council received evicence to the contrary we would take action. He was advised that it was the same when purchasiong anything from a reputable company. The Council would stop using data if it had been obtained incorrectly.
Mr Robinson asked if there were boundaries with other agencies and that the Council were clear about how to scope evidence. The Principal Information Management Officer explained that the Council will act as a data controller and would interact with the data processors. The boundaries would be set by the data controller. He added that schools and parish & twon councils would be their own data controllers. Members were informed that the procurement team were updating all of the current contracts to meet the requirements of the new legislation. When information would be shared such as between the Childrens and Adults Services with the Police, mental health trusts, social workers etc it was important that everyone was on the same page.
Mr Robinson asked if the biggest challenge was to implement this by the end of May and was advised that the Council were already dealing with data but that this would be a focus on changing the cultre and outlook on how we dealt with privacy. The Council were changing the practice in the way they worked as part of an overall Inspire programme which would see different ways of working.
The External Auditor asked how councillors would be categorised. The Principal Information Management Officer explained that they would have three separate areas – one as a member of a committee which would be covered as part of the overall data control, secondly as a member of a policitcal party which would be covered by the policitcal party, and the third part would be as a ward councillors where they would be their own individual data controller. For the latter they would need to register with the ICO.
Members were advised that there would be training sessions held to riase awareness.
The Chairman asked that a further update be given at a later date as the implementation of the legislation developed.
Resolved:
(i) That the presentation be noted.
(ii) That a further update be brought back to Committee.