Toggle search
Toggle menu

Data protection policy

Data protection legislation principles

All processing of personal data must be done in accordance with the data protection principles as prescribed in data protection legislation:

  • personal data shall be processed lawfully, fairly & transparently ('lawfulness, fairness and transparency')
  • personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes ('purpose limitation')
  • personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ('data minimisation')
  • personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay ('accuracy')
  • personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed ('storage limitation')
  • personal data shall be processed in a manner that ensures appropriate security of the personal data, including against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ('integrity and confidentiality')

Furthermore, as a Data Controller Great Yarmouth Borough Council are responsible for, and required to demonstrate compliance with the principles ('accountability'). The Council's accountability is demonstrated in numerous ways, including:

  • the provision of mandatory data protection training, refresher training and advanced training for Data Champions
  • the assignment of responsible individuals across the organisation (as set out at Section 2) including the assignment of the Data Protection Officer and Data Champions from across service areas who help to maintain high standards of data privacy and attend regular meetings
  • through the application of Council policies which are all regularly reviewed, promoted and accessible and read by all new employees
  • through a robust internal audit system
Prev : Responsibilities Next : Lawful processing
(opens new window) Print entire document
Last modified on 28 July 2022

Share this page

Share on Facebook Share on Twitter Share by email