Walsall Council Banner

Walsall Council Data Protection Protocol

Overview

Walsall Council is fully committed to compliance with the Data Protection Act (1998) and recognises the rights and obligations enforced by the act in the processing of personal data within the organisation. This protocol sets out what Walsall Council does to meet the requirements of Data Protection legislation.

Introduction

In order to operate efficiently and effectively, Walsall Council has to collect and use personal information about people with whom it works.  These include members of the public, current, past and prospective employees, clients and suppliers. In addition, it may be required by law to collect and use information in order to comply with the requirements of central government.

Walsall Council regards the lawful and correct handling of personal information as very important to its successful operations and to maintaining confidence between the council and those with whom it provides its services.

Scope

This protocol covers personal data held electronically by Walsall Council on central IT systems and PC’s, in addition to data stored in paper files. Personal Data is defined as any information from which a living individual can be identified.

The protocol applies to all council employees, elected members and any other third party who is authorised to process information on behalf of the council.

Aim

The aim of this protocol is to ensure that the council treats personal information lawfully and correctly in accordance with the Data Protection Act 1998 regardless of the format in which it is stored and collected.

Owner

The protocol is owned by the Data Protection Officer.

The council's current Data Protection Officer is:

  • Lynn Whitehouse - Performance Officer ext 3219

The following officers can also assist with any Data Protection issues:

  • Nailah Ukaidi - Principle Performance Officer ext 3585
  • John Pryce Jones - Corporate Performance Manager ext 2077

Principles

Walsall Council is fully committed to the eight main principles of the Data Protection Act (1998).

When collecting and processing personal data the following principles will be applied:

Personal data shall be processed fairly, lawfully and, in particular, shall not be processed unless specific conditions are met

The council will ensure that the collection and processing of information is not excessive and that it is appropriate to fulfil the operational needs of the organisation or to comply with any legal requirements.

Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes

The council will ensure that when information is collected, on forms or by other methods, specific advice is given as to the purpose(s) of gathering and using the information.

Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed

The council will ensure the quality and accuracy of any information used and that any information held is factually relevant to the area of work concerned.

Personal data shall be accurate and, where necessary, kept up to date

The council will endeavour to ensure that any personal data is accurate and current and where discrepancies are found, the data will be amended.

Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes

The council will ensure that any personal information is not held for longer than required and, by applying checks to determine the length of time information is held, make sure that personal data is destroyed in an appropriate manner once the retention period has expired.

Personal data shall be processed in accordance with the rights of data subjects under the Act

The council will ensure that an effective process exists to allow data subjects to fully exercise their rights to request to see any of the information held about them within the authority and to ensure that any such request is responded to within the legal time scale of 40 calendar days.

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to personal data

The council will ensure that appropriate procedures are in place to safeguard personal information and ensure that access is restricted only to those council officers who require it.

Personal data shall not be transferred to a country or territory outside the European Economic area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data

Walsall Council will ensure that personal information is not transferred abroad without suitable safeguards.

Walsall Council will also ensure that:

  • Our notification entry on the Public Register of Data Controllers is current and up to date. This includes Walsall Metropolitan Borough Council and The Electoral Register Office of Walsall.
  • Any partners or third parties who have access to or share our data follow our policies and procedures and are covered by either a data sharing agreement or outsourcing contract which allows them to lawfully act on our behalf as data processors.
  • A dedicated resource is provided to oversee data protection issues across the organisation.
  • All council employees (including contractors) involved in the collection and processing of personal data are aware of their legal responsibilities to provide adequate protection of personal information and safeguard against unlawful disclosure.

Contact us

Data Protection Officer
Corporate Performance Management
Council House
Lichfield Street
Walsall
West Midlands
WS1 1TW

Telephone 01922 653219
Email dataprotection@walsall.gov.uk

This page was last updated on 01 February 2010