- Screen Colours:
- Normal
- Black & Yellow
Click on the policies on the left to download.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a regulation which strengthens the previous Data Protection Act 1998 (DPA) and give individuals rights and protections. It sets out the requirements for how all organisations handle personal data.
The GDPR applies to personal data which covers any information relating to an identifiable person who can be directly or indirectly identified.
The GDPR requires personal data to be processed in a manner that ensures its security. This must include protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.
The GDPR requires organisations to have a valid basis in order to process personal data. There are six lawful bases for processing data and the Parish Council will ensure that it uses the basis the most appropriate when processing such data.
Lawful Basis for Processing Data:
- Consent
- Contract
- Legal Obligation
- Vital Interests
- Public Task
- Legitimate Interests
The GDPR creates some new rights for individuals and strengthens some of the rights that currently exist under the DPA the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making
Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.
The GDPR introduces the ‘right of access’ for individuals. Data subjects will have the right to request:
- the reasons why their data is being processed;
- the description of the personal data concerning them;
- anyone who has received or will receive their personal data; and
- details of the origin of their data if it was not collected from them.
A Subject Access Request (SAR) is a request for personal information that the Parish Council may hold about an individual. If an individual wishes to exercise their subject access right, the request must be made in writing. The purpose of a SAR is to make individuals aware of and allow them to verify the lawfulness of processing of their personal data. Under the GDPR and the current Data Protection Act (DPA), individuals have the right to obtain con rmation as to whether personal data is being processed.
Click this link to view Stanstead's Subject Access Request Policy