Purpose and Scope
The GDPR and Data Protection Act make it clear that whilst organisations process personal and sensitive data, the data itself is owned by the individual to who it relates. It is important that this valuable asset is therefore protected.
The Council recognise that the correct and lawful treatment of Personal Data will maintain confidence in the organisation and will provide for successful business operations. Protecting the confidentiality and integrity of Personal Data is a critical responsibility that we take seriously at all times. The Council is exposed to potential fines of up to EUR20 million (approximately £18 million), whichever is higher and depending on the breach, for failure to comply with the provisions of the GDPR.
All staff, including individual business areas, departments, supervisors, managers and directors are responsible for ensuring all Council Personnel comply with this Privacy Standard and need to implement appropriate practices, processes, controls and training to ensure such compliance.
The DPO is responsible for overseeing this Privacy Standard and, as applicable, developing Related Policies and Privacy Guidelines. That post is held by Director of Governance.
The purpose of this policy is to outline how Chorley Council and South Ribble Borough Council (referred to as the Council) manage data protection in compliance with UK GDPR and Data Protection Act.
This policy applies to all staff as well as third parties and suppliers involved in the receipt, handling or sharing of information held by the Council.