View this email in your browser

 

GDPR - learning together  Issue 2

Click here to access the "statement of reassurance" the ICO has issued to our sector

Your next steps .....

Despite the possibility of that there might be some changes on the horizon for our industry, you must continue as an organisation to work towards compliance with the new regulations.  
  1. BE AWARE - see guidance on our first bulletin on ways you can achieve this.  See below for details of SALC training available.   
  2. UNDERSTAND the personal information you hold  - so what do you hold, why do you hold it and how do you process it.
  3. RIGHTS of individuals – check ICO guidance about these key changes to increase your knowledge.
  4. PRIVACY NOTICE – draft a new one using the toolkit template ready to publish on 25th May.
  5. LAWFUL BASIS FOR PROCESSING – check the toolkit to help you understand how this relates to Parish Council administration.  See some quick guidance tips below.
  6. CONSENT – review the permissions you have in place to hold information and if not send a consent request – see toolkit template.
  7. UPDATE your processes for dealing with subject access requests, and DPA policies including how to deal with a data breach.
  8. DATA PROTECTION OFFICER  appoint when necessary.
Click here to view the first GDPR Bulletin issued
GDPR Awareness Session - Thursday 10 May 10am - 12noon 
 free of charge
Venue: SALC office, Claydon

This session will be focused entirely on the specific needs of councils and will be presented by GDPR specialists The DPO Centre.  
 
It will provide you with:
  • Background on the regulation, tailored to the needs of councils
  • Clarity on the obligations you must now fulfil
  • How to perform your initial 'impact assessment'
  • Challenges and complexities of filling the DPO role
  • The most appropriate and cost effective ways to comply 
To book your place please email or phone 01473 833713 
CLICK HERE to access the latest update on FAQs coming through our member advice service.
Do you have a question or query regarding GDPR ?

Contact the SALC team by email or phone: 01473 833713
COMING SOON.....
How to manage sensitive information in hard copy and by email.  How to password protect.  


A COUNTY SOLUTION - the prospect of a future service

 
A further possibility is emerging, could SALC offer a GDPR service?  We have already had a number of enquiries asking us to consider this.

We are now actively working up what we could offer, how we would resource it and what it would cost on a not-for-profit basis.   This solution might be particularly appropriate for smaller councils (under  £25,000 precept/turnover).  
 
Click here to answer a few questions regarding a potential SALC GDPR service.
Are you already working towards compliance using an external provider?

The statement from the ICO Commissioner makes it clear her expectation that we must continue to demonstrate our commitment to making progress towards embedding the right procedures and processes in relation to GDPR.  So, where does that leave you regarding the appointment of a DPO - do you need to or don't you?  How does that impact any contractural arrangements you are setting up with an external provider?

The point here is that even if there is a change in the need to appoint a DPO by 25th May, a slow-down in this respect does not in itself remove the requirement to comply with other aspects of the legislation.  Therefore the benefits still remain in having the support of a DPO Service of some form if that is what you have chosen to do.   If your Council decides to wait for further developments, you should discuss this with your external provider.  You are making the decision when and if to push the button with your DPO service. 
TOOLKIT TIP - what is "lawful basis"?
 
As part of your audit -  start to identify and document the "lawful basis" for processing any data you hold.  There are a number of different criterias that give you lawful basis to process and different lawful basis give different rights to individuals.    There are 6 lawful basis set out in GDPR.  See page 18 of the Toolkit and familarise yourself with these.

The Toolkit explains that in a council context, the most relevant lawful basis for processing under Special Category Data are likely to be EXPLICIT CONSENT, EMPLOYMENT LAW and REASONS FOR SUBSTANTIAL PUBLIC INTEREST.  Use the Toolkit to understand these in more detail and how they apply.

Free focus group - Wednesday 9 May 2pm-4pm at the SALC office

Click here to download details of our first focus group. Spaces are now limited to book email or phone 01473 833713. Please note preparation is needed in advance.
You are receiving this because you are a member.  If you wish to unsubscribe please email  
Our mailing address is:
SALC
Unit 11a Hill View Business Park
Old Ipswich Road, Claydon
Ipswich, Suffolk
IP60AJ
Copyright © 2018 Suffolk Association of Local Councils, All rights reserved.