Issue - meetings

GDPR UPDATE

Meeting: 16/03/2022 - Governance Committee (Item 67)

67 GDPR Update

To receive and consider the report of the Director of Governance.

Minutes:

Chris Moister, Director of Governance, presented his report, which informed Members of the actions taken to review the Council’s compliance with the General Data Protection Regulations (now Data Protection Act 2018).

Following the requirements of the General Data Protection Regulations, which came into force in May 2018, the Council delivered and adopted a compliant framework which met our obligations under the legislation. It had been intended to undertake a full review in 2020/21 to ensure that the adopted policies remained compliant; however, this review was delayed due to the impact of Covid. The review was undertaken by legal services in the final quarter of this year. The Information Security Framework was not reviewed by legal services because, while compliance with it supports GDPR compliance, it is not in itself a GDPR policy. IT owns this document and has been asked to undertake a review of it.

The policies were considered compliant, with only some minor amendments to be made. The review considered policy compliance, data retention, data controllers, training, adequacy decision and data breaches.

The Committee noted that since 1 April 2021, the Council has self-reported data breaches twice, although neither incident was viewed as serious internally. In light of our actions, the ICO took no action on either self-report. Members took assurance that the GDPR framework is operating and embedded due to the limited number of data breaches.

The Committee highlighted the importance of mandatory GDPR training for Members and were advised that this was undertaken as part of the induction following the elections. E-learning was also available.

Resolved: That the report be noted.