Agenda item

4.1

The Head of Information Management submitted a report outlining forthcoming changes to how the Council processes and uses personal data. These changes will be introduced through the General Data Protection Regulation (GDPR) which will come into force on 25 May 2018. The report outlined some of the proposed changes outlined within the GDPR, as well as work undertaken to date and ongoing work to address these proposed changes.

4.2

In response to a question from a Member about who had the right to be “forgotten” under the proposals, the Head of Information Management commented that an individual could ask for their records to be deleted, in essence “forgotten”. The Council would then have to make a judgement as to whether it needed to retain the individual’s records or not. If it did decide to retain, the Council would be required to inform the individual that this was the case and explain why. The individual would then have a right of appeal to the Information Commissioner’s Office (ICO).

4.3

In respect of the issue of fines for non-compliance, the ICO had confirmed that any fines would be sensible and proportionate to the size of the organisation. However, the ICO would more than likely have issued a number of warnings before it had reached that stage.

4.4

A Member of the Committee then enquired who would be responsible for any incident in Schools. The Head of Information Management confirmed that the Governing Body would be the accountable body for any such incidents.

4.5

Resolved: That the Committee notes the proposed changes and supports the ongoing work.