Scribe Academy recently welcomed Alex Saunders, Partner at Leathes Prior Solicitors, specialising in corporate, commercial and data protection law. Alex has joined us previously, when we delved into FOI requests and the Data Protection Act, but the most recent session focused on 5 key legal documents your Council needs and why.
While Local Councils in the UK have various legal documents they must maintain, such as health and safety and employment documents, this session focused on the key documents that I recommend you have in place to ensure proper legal compliance and to protect your Council as much as possible.
Firstly, what is UK GDPR?
The UK GDPR is the data protection legislation that came into force in May 2018. This law applies when an organisation uses personal data – any information that identifies a living individual. The term "use" is broadly defined, encompassing the initial collection, handling, processing, and transferring of the data, including storing that information or accessing it.
If your Council handles personal data, which it most likely does, you should have the following documents in place to ensure overall compliance. Let's take a look!
#1 Data Protection Policy
A Data Protection Policy sets out your Council's code of conduct for using personal information and is essential for any organisation that handles personal data. As a Town, Parish or Community Council, it is highly likely that you handle significant personal data, such as:
- Personal contact information for residents or members of the community.
- Employee records and payroll information.
- Data relating to the provision of public services.
- Information for town planning or local development.
It's therefore necessary to demonstrate that as a Council you are handling this data responsibly, and in compliance with the law.
This internal document shouldn't be confused with external-facing documents like Website Privacy Policies or Employee Privacy Notices.
Read more on Creating a Data Protection Policy.
The policy should clearly explain what information is being collected, why it's being collected, how it will be used, and how it will be kept safe.
#3 Data Retention Policy
Data Retention Policies establish guidelines for how long an organisation retains different types of data, and how they are disposed of once their retention period is over.
The GDPR doesn't specify retention timescales for different types of data. Instead, it says that data can be held for as long as needed, for the reason it was initially collected. Therefore, it's essential for a Council to justify and document its retention periods in a data retention policy.
A comprehensive Data Retention Policy should include a schedule that sets out how long each category of data is retained. Examples of these categories include employee data, candidate data, resident data, supplier data etc.
A well-thought-out data retention policy is a cornerstone of an effective data protection strategy. It ensures compliance, enhances efficiency, and minimises potential risks, contributing to the Council's overall data governance framework.
Read more on Creating a Data Retention Policy.
#4 Website Terms & Conditions
They also serve as a protective measure for the Council, setting the parameters of liability. If there are any glitches or if the website experiences downtime, well-crafted terms can ensure the Council is not held accountable.
Read more on Creating Website Terms & Conditions.
#5 Hiring Agreement
If your Council rents out community spaces such as meeting rooms, halls, sports facilities, etc., it's crucial to have a streamlined hiring agreement in place to ensure the proper, respectful use of public assets, and to protect the Council from potential liabilities.
Read more on Creating a Hiring Agreement.