Data protection guide

2. Principles and policies

The data protection principles are:

• processed lawfully, fairly and in a transparent manner (lawfulness, fairness and transparency)
• collected for specified, explicit and legitimate purposes (purpose limitation)
• adequate, relevant and limited to what is necessary for the purposes (data minimisation)
• accurate and, where necessary, kept up to date (accuracy)
• kept in a form which permits identification of data subjects for no longer than is necessary (storage limitation)
• processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage (integrity and confidentiality)

• the data controller (i.e. The Council) is responsible for, and must be able to demonstrate, compliance with these principles (accountability). 

Policy and procedures

• Secure email (MS Word, 19KB)
• Data protection policy (MS Word, 418KB) 
• Data Protection Act and GDPR key changes PDF, 122KB)
• Subject access request guidance and procedure (MS Word, 366KB)
• Subject access request form
• Information assurance policy (PDF, 149KB)
• Confidentiality agreement (MS Word, 53KB)
• Request for personal data from another agency (MS Word, 27KB) 
• Protection of Cardholder Data Policy - Rented Terminals (MS Word, 66KB)
• Protection of Cardholder Data Policy - Receipting Systems (MS Word, 67KB)
• Skimming Prevention Best Practice for Merchants Sept 2014 (PDF, 1.1MB)
• Acceptable Use template (MS Word, 131KB)
• Data Sharing Agreement template (MS Word, 90KB)