Purpose

The Council’s data
protection policy has been updated to reflect current best practice
and legal interpretation. Some changes have also been made to
depersonalise roles, removing reference to officer’s names,
the policy has been made gender neutral and there has been some
tidying up of language and formatting so that the policy aligns
with other Council policies.

Decision

Cabinet approved the
Council’s new Data Protection Policy that was appended (as
Annex 1) to the Cabinet report.

Reasons for the decision

The Council’s existing
policy had not been updated since the General Data Protection
Regulations came into effect in May 2018. The revisions in this
updated policy are necessary to:
 
Reflect the latest legal
interpretations and best practices for data protection compliance
specifically noting that since October 2021 the information
Governance and Equalities Manager also serves as the Data
Protection Manager.
 
Ensure synergy with recently
updated Digital and ICT policies, including the Acceptable Use,
Cyber Security, and Digital Security policies.
 
Improve accessibility and
remove gender-based language.

Alternative options considered

It was available to Cabinet to
consider not accepting the revised policy or to request further
amendments. This was not the recommended option and the Data
Protection Officer advised that failing to implement these updates
would weaken the Council’s legal compliance and hinder
integrated decision-making.