GDPR Compliance Plan

The request was partially successful.

stephen williams

Dear Essex County Council

Freedom of Information request – GDPR Compliance Plan

I am writing to you because I understand that Essex is a leading local authority in terms of privacy compliance and I am interested in learning about best practice within the sector in terms of preparations for GDPR.

To this end I would be grateful if you could supply me with any of the following information that you may hold in connection with your GDPR compliance programme.

1. Data Mapping
a. Copies of the tools used to capture data for the personal data mapping exercise (e.g. questionnaires/spreadsheets etc.).
b. The records of processing activities and data flow maps/diagrams and any other products/outputs of the data mapping exercise.

2. Gap Analysis
a. Copies of any tools used to assess any shortfall or gaps in processing vis a vis GDPR.
b. The gap analysis report and any other products/outputs of the gap analysis exercise.

3. Project Plan
a. A copy of your GDPR project Plan and Gantt chart or equivalent.
b. Any formal reports (be that to management, your IG steering group and senior GDPR oversight group or equivalent and Committee/Executive) on GDPR.

4. Outsourcing
a. Copies of updated standard GDPR compliant contracts and written instructions for processing.

5. Solutions
a. Details of other potential processing solutions devised or identified either by Essex or in collaboration with other partners.

If any of this information is already accessible online it would be very helpful if you could supply a hyperlink to the location.

I am anxious to minimise the work involved in responding so please let me know if there are any modifications I can make to the request which will help avoid unnecessary effort or duplication.

Kind regards

Stephen Williams

Your Right To Know, Essex County Council

Dear Sir/Madam,

Thank you for your recent request for information which has received by Essex County Council.

Your request is covered by the Freedom of Information Act, under which we must respond within 20 working days.

We will determine and let you know whether we hold the information you have requested and consider whether we are able to release the information or if it is exempt from disclosure.

ECC does not usually charge for providing information to its requestors as the provision of electronic copies is negligible, however under certain circumstances we may have to do so if providing the information costs more than £25. We will let you know before we do any work that would incur a charge.

Please note that the response and data released to you as part of this request will be published on the Essex County Council website. The website address is http://www.essex.gov.uk/Your-Council/You.... All requests will be anonymised and no personal information including contact details will be disclosed as part of this process.

Please contact me if you would like further advice or assistance about your request, or your right to access information held by Essex County Council.

Yours sincerely,
Paula Girling
Your Right to Know
Information Services
Essex County Council
Telephone: 033301 38989
E-mail: [email address]

show quoted sections

Your Right To Know, Essex County Council

8 Attachments

Dear Sir/Madam,

Thank you for your request for information. Please find our response to
your request on the accompanying document(s).

I trust that this information satisfies your request. However, should you
require anything further, please contact me and I will endeavour to assist
you further.

If you are not satisfied with your response, please contact me so I can
try to resolve the issue. Alternatively, if you wish to make a complaint,
you can find the details at
http://www.essex.gov.uk/customer-service...

 

If, after following our complaints procedure, you are still not satisfied,
you are entitled to ask the Information Commissioner to review our
decision. You can contact the Information Commissioner at Wycliffe House,
Water Lane, Wilmslow, Cheshire, SK9 5AF; Telephone 0303 123 1113.

 

Please note that the response and data released to you as part of this
request will be published on the Essex County Council website. The website
address is
http://www.essex.gov.uk/Your-Council/You....
All requests will be anonymised and no personal information including
contact details will be disclosed as part of this process.

 

If you would like to take a short customer satisfaction survey please use
the link below

http://surveys.essexinsight.org.uk/TakeS...

 

Yours sincerely,

 

Paula Girling

Your Right to Know

Information Services

Essex County Council

Telephone: 033301 38989

E-mail: [email address]

This email (including any attachments) is intended only for the
recipient(s) named above. It may contain confidential or privileged
information and should not be read, copied or otherwise used by any other
person unless express permission is given. If you are not a named
recipient, please contact the sender and delete the email from your
system. It is the recipient's responsibility to ensure that appropriate
measures are in place to check for software viruses.

stephen williams

Dear Essex County Council,

Internal Review of Request: 'GDPR Compliance Plan'.

Thank you for the timely and helpful response to my FOI request which I have read carefully. I am particularly grateful that you have included the latest versions of documents showing the current state of you plans.

However, I am writing to request an internal review of the Council's handling of my FOI request because there are three elements to the response that I would ask you to look at again.

1. The decision to withhold information in accordance with the exemption at section 43(2). The decision notice does not provide sufficient information for me to be able to decide whether the exemption is properly engaged and the consideration of the public interest appears cursory and is not persuasive. The Notice refers to an accounting practice and does not evidence the actual commercial trading activity prejudiced. It is unlikely that proper consideration has been given to what information could be disclosed without prejudicing the protected interest.

2. It appears unlikely that the PID and the Board Highlight report supplied are the only or most relevant documents held relevant to the request for 'GDPR project Plan and Gantt chart or equivalent' . What documentation is being used to manage the project centrally and by each of the work streams? Where are the detailed due dates set out in the highlight report taken from?

3. The highlight report identifies a number of task as completed. It is submitted that these outputs fall within the scope of the request and the relevant documentation should have been disclosed in the response.

If you are able to agree agree points two and three without submitting them to an 'internal review' procedure could you please disclose the relevant information at that stage.

regards

Stephen Williams

Your Right To Know, Essex County Council

Dear Sir or Madam,

Your Review Request:

Thank you for your request for to review our handling of your recent request for information reference ECC2503911 05 17, which was received by Essex County Council on 21/06/2017.

Your request is covered by our Review Procedure and we endeavour to respond within 20 working days.

We will review the handling of your request and respond with our formal decision on the aspects you have asked us to address.

Please contact me if you would like further advice or assistance about your request, review or your right to access information held by Essex County Council.

Yours sincerely
Paula Girling
Your Right To Know
Information Services
Essex County Council
T: 033301 38989
E: [email address]
W: www.essex.gov.uk

show quoted sections

Your Right To Know, Essex County Council

1 Attachment

Dear Sir/Madam,

Thank you for your request for an Internal Review. Please find our
response to your request on the accompanying document(s).

If you are not satisfied with this response and wish to make a complaint,
you can find the details at
http://www.essex.gov.uk/Pages/Complaints...

 

If, after following our complaints procedure, you are still not satisfied,
you are entitled to ask the Information Commissioner to review our
decision. You can contact the Information Commissioner at Wycliffe House,
Water Lane, Wilmslow, Cheshire, SK9 5AF; Telephone 0303 123 1113.

 

Yours sincerely,

Paula Girling

Your Right to Know

Information Services

Essex County Council

Telephone: 033301 38989

E-mail: [email address]

 

 

This email (including any attachments) is intended only for the
recipient(s) named above. It may contain confidential or privileged
information and should not be read, copied or otherwise used by any other
person unless express permission is given. If you are not a named
recipient, please contact the sender and delete the email from your
system. It is the recipient's responsibility to ensure that appropriate
measures are in place to check for software viruses.