Appropriate policy document - processing special category and criminal conviction data

Compliance procedures

To maintain accountability, we will:

  • appoint a data protection officer who reports to our highest management level
  • take a “data protection by design and default” approach to our activities
  • keep records of our processing activities
  • ensure contracts are in place with third parties who process personal data on our behalf
  • ensure robust security measures are in place
  • conduct data protection impact assessments for high-risk processing activities

To ensure personal data is processed lawfully, fairly and transparently, we will:

  • only process personal data where there is a valid legal reason
  • be clear with individuals about why their data is being processed
  • inform individuals about how and why we use their data by providing privacy notices for all council activities

To ensure personal data is only processed for the purpose it was collected, we will:

  • collect personal data only for clear and legitimate purposes
  • tell individuals what those reasons are in privacy notices
  • use personal data for other purposes only if they are compatible with the original reason it was collected
  • only share personal data with other organisations if they are legally allowed to process it

To ensure we minimise the personal data we process, we will:

  • collect only the personal data needed for the specific purpose and avoid collecting too much
  • delete any personal data that is not relevant to our stated purposes

To ensure that we process accurate personal data, we will:

  • make sure personal data is accurate and up to date when needed
  • pay extra attention to the accuracy of the data we hold
  • take action to correct or delete data when we are informed it is inaccurate or outdated

To ensure that we don’t hold personal data for longer than we need to, we will:

  • keep personal data only as long as necessary
  • set retention periods based on legal requirements and business needs
  • make our retention schedules available to the public

To maintain the confidentiality, integrity and availability of personal data, we will:

  • implement robust policies and procedures to ensure the secure handling of personal data
  • train staff to manage personal data securely
  • have experts available to offer support and guidance
  • assign the right roles and responsibilities to manage information risk
Print this document