Cookies

We use essential cookies to make our site work. We'd also like to set analytics cookies that help us make improvements by measuring how you use the site. These will be set only if you accept.

For more detailed information about the cookies we use, see our cookies page.

Essential Cookies

Essential cookies enable core functionality such as security, network management, and accessibility. For example, the selections you make here about which cookies to accept are stored in a cookie.

You may disable these by changing your browser settings, but this may affect how the website functions.

Analytics Cookies

We'd like to set Google Analytics cookies to help us improve our website by collecting and reporting information on how you use it. The cookies collect information in a way that does not directly identify you.

Third Party Cookies

Third party cookies are ones planted by other websites while using this site. This may occur (for example) where a Twitter or Facebook feed is embedded with a page. Selecting to turn these off will hide such content.

Skip to main content

GDPR

The General Data Protection Regulation (“GDPR”) will take effect in the UK from 25 May 2018.  It replaces the existing law on data protection (the Data Protection Act 1998) and gives individuals more rights and protection regarding how their personal data is used by councils.  Local councils and parish meetings must comply with its requirements, just like any other organisation.The GDPR applies to all local councils and also to a parish meeting without a separate parish council because a local council and a parish meeting are public authorities.  The GDPR requires councils and parish meetings to appoint a Data Protection Officer (“DPO”).  This is confirmed by new data protection legislation currently being debated in parliament.  For the GDPR and the new data protection legislation, the definition of public authorities is the same as that used in the Freedom of Information Act 2000 (which includes local councils and a parish meeting constituted under s. 13 of the Local Government Act 1972). 

The Data Protection Act 1998 requires every data controller (eg organisation, sole trader) who is processing personal information to register with the ICO, unless they are exempt. Over half a million organisations are currently registered.