Responsibilities
Responsibilities
| Roles | Responsibility | Frequency |
| All Officers (All Directorates) |
Ensure that any correspondence received via post, or delivered in person to the Council offices, is actioned. If the documentation needs to be retained, ensure that it is scanned in and stored electronically on any appropriate CRM system and the paper copy of the document, is securely disposed of. |
Ongoing |
| All Officers (All Directorates) |
To action emails received from members of the public, or that contain personal information as soon as possible and to then delete the email once fully actioned (and no longer required). If the email needs to be retained, ensure that it is stored electronically on any appropriate CRM system and the original email deleted from officers mailbox. |
Ongoing |
| All Officers (All Directorates) | Ensure paper records are kept to an absolute minimum and to avoid storing in personal drawers, lockers, desk and trays wherever possible. | Ongoing |
|
Line Managers / Team Leaders (All Directorates) |
Ensure staff are routinely reminded of the responsibilities covered above. | Ongoing |
|
Line Managers / Team Leaders (All Directorates) |
Ensure staff receive training and support where appropriate. | Ongoing |
|
Data Controllers / Information Asset Owners (All Directorates) |
To be aware of regulatory requirements relating to the retention of data they collect and store. | Ongoing |
|
Data Controllers / Information Asset Owners (All Directorates) |
To notify the GDPR Compliance Officer of statutory / regulatory changes that occur relating to the retention of the data held by their Directorate. | Ongoing |
|
Data Controllers / Information Asset Owners (All Directorates) |
Ensure that all personal data is retained and disposed of, is done so in line with GDPR and statutory requirements. | Ongoing |
| HR Manager | To ensure HR / staff records are retained and disposed of, in line with GDPR and statutory requirements. | Ongoing |
| Health and Safety Officer | Ensuring that all Corporate Health and Safety records are retained and, when appropriate, disposed of in line with GDPR and statutory requirements. | Ongoing |
| Directors/Heads of Service |
Ensuring that all teams are complying with GDPR; ensuring that Data Retention Schedules are completed; ensuring that the Council's suppliers and contractors demonstrate GDPR compliance and that they check their credentials and guarantees. As a controller the Council need to have a written contract that explicitly defines each parties' responsibilities and liabilities. Importantly, data controllers are always liable for the compliance with GDPR. In addition, if the Council operate outside the EU the Council need to document the location of the controlling authority within the EU. Contracts with suppliers, verification and ongoing management are key to long term GDPR compliance. |
Ongoing |
| Chief Executive | Overall Officer level responsibility for data retention. | Ongoing |
| Audit | Work with ICT to review batch deletion to ensure it is functioning appropriately and that a suitable audit trail is recorded. | Annually |
| Audit | Undertake spot checks as identified in the risk assessment. | Ongoing |
| Policy & Communications | Ensuring that Marketing Strategies and Events are compliant with GDPR and keeping Staff updated. | Ongoing |
|
Head of ICT |
The Information Manager will have overall responsibility for maintaining systems capable of batch deletion of information that has reached its retention limit. | As required |
|
Head of ICT |
Work with Audit to review batch deletion to ensure it is functioning appropriately and that a suitable audit trail is recorded. | Annually |
Data Retention Scedule
The Councils data retention schedule can be viewed on the Councils website.