Happy 4th Birthday to GDPR and DPA 2018!
25/05/2022
Today marks four years since GDPR (General Data Protection Regulation) and the DPA (Data Protection Act) 2018 came into force, refreshing how we manage Personal Information.
Following Brexit, GDPR was adopted as UK GDPR. The key principles, rights and obligations remain the same and all staff should be aware of their responsibilities when handling personal information.
A suite of guidance is available on the Information Management interchange pages here and mandatory Data Protection training is available on LearnPro (CLIVE).
Data Protection Audit
To ensure compliance with Data Protection legislation, the Council needs to know what personal data is held, how it’s used, who processes it and the lawful basis for processing it. As the Council’s internal GDPR audit took place in 2018, we are currently reviewing all processing activities, policies and procedures across the Council to ensure that our record of these remains accurate and up to date.
What next?
We will be contacting Heads of Service to request a Key Contact for each department to liaise with regarding the processing activities within that department, to assist us with updating Privacy Notices, Retentions and the Council’s Record of Processing Activities (ROPA), as well as, the Council’s Information Asset Register (IAR) of assets, systems and applications used for processing, or storing personal data across the Council.
If you have any queries, please feel free to get in touch with the Council’s Data Protection team at: dataprotection@moray.gov.uk