Responsibilities
The Chief Executive has overall responsibility for ensuring our compliance with this policy and with Data Protection legislation;
The Director of Customer and Digital as Senior Information Risk Owner (SIRO) has responsibility, at executive level, for oversight of data protection and other aspects of information governance.
The Data Protection Officer (DPO) has day-to-day responsibility for monitoring compliance with this policy, advising the organisation on data protection matters and for receiving reports of personal data incidents for escalation as appropriate.
Directors and Heads of Services are responsible for ensuring that all systems, processes, records and datasets within their business area are compliant with this policy and with Data Protection legislation; for assisting the DPO in their duties through providing all appropriate information and support; for ensuring that their staff are aware of their data protection responsibilities; and consulting the DPO on new developments or issues affecting the use of personal data in the organisation; for ensuring Data Protection Impact Assessments are conducted as appropriate on data processing activities in their business area, drawing on advice from the DPO.
All colleagues are responsible for understanding and complying with relevant policies and procedures for handling personal data appropriate to their role, and for immediately reporting any event or breach affecting personal data held by the organisation.
The Council will adopt and implement the policy set out in this document, thereby ensuring its compliance with Data Protection Legislation.