Nid ydym yn gwybod a yw'r ymateb mwyaf diweddar i'r cais hwn yn cynnwys gwybodaeth neuai peidio - os chi ywpaul grant mewngofnodwch a gadael i bawb wybod.

Dear Information Commissioner's Office,

What lawful basis under GDPR 2018 is used for processing data from individuals for enforcing council tax.

Yours faithfully,

paul grant

icoaccessinformation, Swyddfa'r Comisiynydd Gwybodaeth

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.

If you have made a request for information held by the ICO we will contact
you as soon as possible if we need any further information to enable us to
answer your request. If we don't need any further information we will
respond to you within our published, and statutory, service levels. For
more information please visit:

[1]https://ico.org.uk/about-the-ico/our-inf...

If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.

If you are concerned about the way an organisation is handling your
personal information, we will not usually look into it unless you have
raised it with the organisation first. For more information please see our
webpage ‘raising a concern with an organisation’ (go to our homepage and
follow the link ‘for the public’). You can also call the number below.

If you have requested advice - we aim to respond within 14 days. 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.

Copied correspondence - we do not respond to correspondence that has been
copied to us.

For more information about our services, please see our webpage ‘Service
standards and what to expect' (go to our homepage and follow the links for
‘Report a concern’ and ‘Service standards and what to expect'). You can
also call the number below.

For information about what we do with personal data see our [2]privacy
notice.

If there is anything you would like to discuss with us, please call our
helpline on 0303 123 1113.

Yours sincerely

The Information Commissioner’s Office

Our newsletter

Details of how to sign up for our monthly e-newsletter can be found
[3]here.

Twitter

Find us on Twitter [4]here.

 

References

Visible links
1. https://ico.org.uk/about-the-ico/our-inf...
2. https://ico.org.uk/global/privacy-notice/
3. https://ico.org.uk/about-the-ico/news-an...
4. http://www.twitter.com/ICOnews

ICO Casework, Swyddfa'r Comisiynydd Gwybodaeth

19 February 2021   

Dear Paul Grant  
Thank you for contacting the Information Commissioner's Office (ICO)
through the whatdotheyknow.com (WDTK) website.

The WDTK website was created to help people request information from
public authorities under the Freedom of Information Act (FoIA) and the
Environmental Information Regulations (EIRs).

The ICO is the regulator responsible for overseeing information rights
legislation. We are also subject to the legislation we oversee.

As a public authority the ICO is subject to the FoIA and EIRs and so if
people want to request information we might hold about our work as a
public body, they can do this through WDTK.

The correspondence you have sent to us is not a request for recorded
information we might hold. It is an enquiry about the legislation we
oversee. We provide a range of advice services for organisations and for
the public. However, we do not provide these through the WDTK website.

Please visit our website at [1]www.ico.org.uk where you will find a great
deal of advice about the legislation we oversee. You can also contact our
helpline on 0303 123 1113 where a member of our team will be happy to help
you.

You can also submit your enquiry in writing to [2][email address]. 
We will respond as quickly as we can.

Please do not reply to this message through the WDTK website. We make no
commitment to respond if you do.

Yours sincerely

The Information Commissioner's Office

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
[3]ico.org.uk [4]twitter.com/iconews
Please consider the environment before printing this email.

For information about what we do with personal data see our privacy notice
at [5]www.ico.org.uk/privacy-notice.

dangos adrannau a ddyfynnir

Dear ICO Casework,

Dear LAWCOM (FOI),

The ICO is the regulator responsible for overseeing information rights legislation and that provides guidance to these billing authority councils that you would have a policy or procedure in place to ensure that they follow the same data protection laws DPA 2018 and the GDPR.

How can it be right for instance that Ashford Borough Council claim processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Yet Maidstone Borough Council claim processing is necessary for compliance with a legal obligation under the Council Tax (administration and enforcement) Regulations 1992.

They cannot both be right and have a different lawful basis, surely the law must apply equally to all councils when they are in a position of power and processing personal data.

Yours sincerely,

paul grant

icocasework, Swyddfa'r Comisiynydd Gwybodaeth

To read this email in English click [1]here

I darllen yr ebost yn y Gymraeg, cliciwch [2]yma

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence. During the Coronavirus
pandemic, please see our [3]website for updates on the service you can
expect from us during this time.  You can also call us on 0303 123 1113 or
contact us via live chat. 

 
If you have asked us for advice - we will respond within 14 days. While
you wait, you should regularly check our [4]website for relevant
guidance, as we are updating this all the time. You should also read our
[5]GDPR myth busting blogs. If you have raised a question that we have
answered on our website, we may respond by sending you a link to it.  But
we will do our best to provide you with the information you need.
 
If you have made a new complaint - we’re unlikely to look into it unless
you have raised it with the [6]responsible organisation (for a data
protection complaint) or the [7]responsible public authority (for a
freedom of information complaint) first. Please make sure you have sent
us a copy of their final response to you. We will assign your complaint to
a case officer as soon as we can, and they will contact you in due
course. 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer. If you believe
we have either failed to take appropriate steps to respond to your data
protection complaint, or we do not provide you with information about the
progress or outcome of your complaint within the next three months, you
may be able to apply to the [8]First-tier Tribunal to require us to
respond to your complaint or to provide you with information about its
progress.
 
If you represent an organisation and you are reporting a personal data
breach under the GDPR or the Data Protection Act 2018 - we aim to contact
you within seven days to confirm receipt and to provide you with a case
reference number. If you want advice urgently, you should telephone our
helpline on 0303 123 1113. If we consider the incident is minor or you
have indicated that you do not consider it meets the threshold for
reporting, you may not receive a response from us, or we may respond by
sending you a link to the relevant part of our guidance. You can find out
more about [9]data breach reporting on our website.

Where a significant cyber incident occurs, you may also need to report
this to the National Cyber Security Centre (the NCSC). To help you decide,
you should read the NCSC’s guidance about their role and the type of
incidents that you should consider reporting.  

Incidents that might lead to a heightened risk of individuals being
affected by fraud, should be reported to Action Fraud – the UK’s national
fraud and cybercrime reporting centre. If your organisation is in
Scotland, then reports should be made to Police Scotland.

If you are a Communications Service Provider reporting a security breach
under the Privacy and Electronic Communications Regulations – you will
need to report the security breach via this [10]secure portal.

If you represent an organisation and are reporting a potential incident
under the NIS Directive - we will contact you as soon as we can. You can
find out more about the [11]NIS Regulations on our website.

If you represent an organisation and you are reporting a security breach
within the definition of the eIDAS regulation – we will contact you as
soon as we can. You can find out more about the [12]eIDAS regulation on
our website.

If you have reported spam email – we are unlikely to need to contact you
again, unless we need more information to help with our investigations. We
publish details about the [13]action we've taken on nuisance messages on
our website.
 
If you have asked for information you think we might hold - we will
contact you if we need any more information to help us respond. Otherwise,
we will respond within our [14]public and statutory service levels.
 
If you have only copied your correspondence to us - we will not respond.
 
There is more information on our [15]service standards and what to expect
webpage. You can also call 0303 123 1113. We welcome calls in Welsh on
0330 414 6421. You can also contact us on [16]live chat.
 
For information about what we do with personal data please see our
[17]privacy notice.
 
Yours sincerely
 
The Information Commissioner’s Office
 
Our newsletter
You can [18]sign up to our monthly e-newsletter
 
 
Pwnc: Mae’ch neges ebost wedi dod i law

Diolch yn fawr ichi am gysylltu â Swyddfa’r Comisiynydd Gwybodaeth. Yn
ystod y pandemig Coronafeirws, gweler [19]ein gwefan am ddiweddariadau ar
y gwasanaeth sydd ar gael i’r cyhoedd ar hyn o bryd. Hefyd, mae’n bosib
ein ffonio ar 0303 123 1113, neu gysylltu â ni trwy sgwrs fyw.

Os ydych wedi gofyn am gyngor – byddwn yn ymateb o fewn 14 diwrnod. Tra
byddwch yn aros, dylech edrych yn rheolaidd ar ein [20]gwefan i chwilio am
ganllawiau perthnasol, gan eu bod yn cael eu diweddaru drwy’r amser. Hefyd
dylech ddarllen ein [21]blogiau ynghylch mythau’r GDPR. Os ydych wedi codi
cwestiwn sydd wedi’i ateb ar ein gwefan, mae’n bosibl y byddwn yn ymateb
drwy anfon dolen atoch i gysylltu â’r ateb.  Ond fe wnawn ein gorau glas i
roi’r wybodaeth angenrheidiol ichi

Os ydych wedi gwneud cwyn newydd – dydyn ni ddim yn debygol o edrych i
mewn iddo oni bai eich bod wedi’i godi’n gyntaf gyda’r [22]sefydliad
cyfrifol (cwyn am ddiogelu data) neu’r [23]awdurdod cyhoeddus cyfrifol
(cwyn am ryddid gwybodaeth). Gofalwch eich bod wedi anfon copi aton ni o’u
hymateb terfynol ichi. Byddwn yn rhoi’ch achos i swyddog achosion cyn
gynted ag y gallwn, a bydd y swyddog yn cysylltu â chi maes o law.

Os yw’ch gohebiaeth yn ymwneud ag achos sydd eisoes yn bod - byddwn yn ei
hychwanegu at eich achos ac fe gaiff ei hystyried ar ôl cael ei dyrannu i
swyddog achosion. Os ydych yn credu ein bod ni naill ai wedi methu cymryd
camau priodol i ymateb i'ch cwyn diogelu data, neu heb ddarparu gwybodaeth
ichi am gynnydd neu ganlyniad eich cwyn o fewn y tri mis nesaf, efallai y
byddwch yn gallu gwneud cais i'r [24]Tribiwnlys Haen Gyntaf i’w gwneud yn
ofynnol inni ymateb i'ch cwyn neu ddarparu gwybodaeth ichi am gynnydd eich
cwyn.

 
Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am drosedd data
personol o dan y GDPR neu Ddeddf Diogelu Data 2018 – rydym yn anelu at
gysylltu â chi o fewn saith niwrnod calendr i gadarnhau bod eich neges
wedi dod i law ac i roi rhif cyfeirnod achos ichi. Os oes arnoch eisiau
cyngor ar frys, dylech ffonio’n llinell gymorth ar 0303 123 1113. Os ydym
o’r farn bod y digwyddiad yn un mân neu os ydych chi wedi nodi nad ydych
o’r farn bod y digwyddiad yn cyrraedd y trothwy i roi gwybod amdano, mae’n
bosibl na chewch ymateb gennym, neu efallai y byddwn yn ymateb drwy anfon
dolen atoch i gysylltu â’r rhan berthnasol o'n canllawiau. Cewch ragor o
wybodaeth am [25]roi gwybod am droseddau data ar ein gwefan.

Pan fo digwyddiad seibr arwyddocaol yn digwydd, mae’n bosibl y bydd angen
ichi roi gwybod amdano hefyd i’r Ganolfan Seiberddiogelwch Genedlaethol
(yr NCSC). I’ch helpu i benderfynu, dylech ddarllen canllawiau’r NCSC ar
eu rôl a’r math o ddigwyddiadau y dylech ystyried rhoi gwybod amdanyn nhw.

Dylai digwyddiadau a allai arwain at risg uwch y bydd twyll yn effeithio
ar unigolion gael eu cyfleu i Action Fraud – sef canolfan genedlaethol y
Deyrnas Unedig ar gyfer rhoi gwybod am dwyll a seiberdroseddau. Os yw eich
sefydliad yn yr Alban, yna i Heddlu’r Alban y dylech chi roi gwybod.

Os ydych yn Ddarparwr Gwasanaethau Cyfathrebu sy’n rhoi gwybod am dor
diogelwch o dan y Rheoliadau Preifatrwydd a Chyfathrebu Electronig – bydd
angen ichi roi gwybod am y tor diogelwch drwy’r [26]porth diogel hwn.

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am ddigwyddiad
posibl o dan Gyfarwyddeb yr NIS – byddwn yn cysylltu â chi cyn gynted ag y
gallwn. Cewch ragor o wybodaeth am [27]Reoliadau’r NIS ar ein gwefan.

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am dor diogelwch
o fewn y diffiniad yn Rheoliad eIDAS – byddwn yn cysylltu â chi cyn gynted
ag y gallwn. Cewch ragor o wybodaeth am [28]Reoliad eIDAS ar ein gwefan.

Os ydych wedi rhoi gwybod am ebost sbam – mae’n annhebygol y bydd angen
inni gysylltu â chi eto, oni bai bod arnon ni angen rhagor o wybodaeth i
helpu yn ein hymchwiliad. Rydym yn cyhoeddi gwybodaeth am [29]y camau
rydyn ni wedi’u cymryd ynghylch negeseuon niwsans ar ein gwefan.

Os ydych wedi gofyn am wybodaeth yr ydych yn credu ei bod gennyn ni –
byddwn yn cysylltu â chi os bydd arnom angen rhagor o wybodaeth i’n helpu
i ymateb. Fel arall, byddwn yn ymateb ichi o fewn ein [30]lefelau
gwasanaeth statudol a chyhoeddus. 

Os ydych wedi anfon copi o’ch gohebiaeth aton ni ond dim byd arall –
fyddwn ni ddim yn ymateb.

Mae rhagor o wybodaeth ar ein tudalen gwe [31]safonau gwasanaeth a beth
i’w ddisgwyl. Gallwch ffonio hefyd ar 0330 414 6421, neu yn Saesneg ar
0303 123 1113. Gallwch gysylltu â ni hefyd i gael [32]sgwrs fyw.

I gael gwybodaeth am yr hyn rydyn ni’n ei wneud â data personol, gweler
ein [33]hysbysiad preifatrwydd. 

Yn gywir

Swyddfa’r Comisiynydd Gwybodaeth

Ein cylchlythyr

Gallwch [34]gofrestru i gael ein e-gylchlythyr misol

 

 

References

Visible links
1. file:///tmp/foiextract20210220-23559-4jy74#English
2. file:///tmp/foiextract20210220-23559-4jy74#Gymraeg
3. https://ico.org.uk/global/data-protectio...
4. https://eur03.safelinks.protection.outlo...
5. https://eur03.safelinks.protection.outlo...
6. https://eur03.safelinks.protection.outlo...
7. https://eur03.safelinks.protection.outlo...
8. https://eur03.safelinks.protection.outlo...
9. https://eur03.safelinks.protection.outlo...
10. https://eur03.safelinks.protection.outlo...
11. https://eur03.safelinks.protection.outlo...
12. https://eur03.safelinks.protection.outlo...
13. https://eur03.safelinks.protection.outlo...
14. https://eur03.safelinks.protection.outlo...
15. https://eur03.safelinks.protection.outlo...
16. https://eur03.safelinks.protection.outlo...
17. https://eur03.safelinks.protection.outlo...
18. https://eur03.safelinks.protection.outlo...
19. https://ico.org.uk/global/data-protectio...
20. https://eur03.safelinks.protection.outlo...
21. https://eur03.safelinks.protection.outlo...
22. https://eur03.safelinks.protection.outlo...
23. https://eur03.safelinks.protection.outlo...
24. https://eur03.safelinks.protection.outlo...
25. https://eur03.safelinks.protection.outlo...
26. https://eur03.safelinks.protection.outlo...
27. https://eur03.safelinks.protection.outlo...
28. https://eur03.safelinks.protection.outlo...
29. https://eur03.safelinks.protection.outlo...
30. https://eur03.safelinks.protection.outlo...
31. http://ico.org.uk/about_us/how_we_work/s...
32. https://eur03.safelinks.protection.outlo...
33. https://eur03.safelinks.protection.outlo...
34. https://eur03.safelinks.protection.outlo...

Gadawodd paul grant anodiad ()

Can billing authorities 'councils' swop and change lawful basis how is this fair and transparent data processing?
Who does this processing benefit?
What is their relationship with the individuals whose personal data they are processing?
The councils are most definitely in a position of power over individuals who would most likely object and ask for the processing to stop, if ithis was going to have an unwarranted impact on them.

Gadawodd Tim Turner anodiad ()

Just pay your council tax, mate.

Gadawodd paul grant anodiad ()

Liverpool City Council use GDPR Article (6)(1)(c) legal obligation

Gadawodd paul grant anodiad ()

Merton Borough Council use Article 6(1)(c) processing is necessary for compliance with a legal obligation to which the controller is subject.

Dear icocasework,
Please note HMCTS were also asked what lawful basis under GDPR 2018 is used for processing data from individuals for enforcing council tax within Magistrates' courts, by both the court and the magistrates who grant the liability order.

HMCTS Discolsure Team claim that this is not a FOIA request and have been reminded that both the MOJ and HMCTS are required to follow the DPA 2018 and GDPR 2018 and are requested under the FOIA 2000 to provide all types of recorded information held as public authorities.

Yours sincerely,

paul grant

ICO Casework, Swyddfa'r Comisiynydd Gwybodaeth

18 March 2021

Our reference: IC-94524-T2X5

Dear Mr Grant,

Thank you for your email of 20 February 2021. Please accept my apologies
for the delay in responding to you. We are currently dealing with a large
number of enquiries, which has meant that we have been unable to deal with
incoming enquiries as promptly as we would like.

It is up to organisations to decide which [1]lawful basis is most
appropriate for their processing of personal data. Which basis is most
appropriate to use will depend on their purpose and relationship with the
individual.

Our [2]guidance for public authorities states the following:

The public task basis is more likely to be relevant to much of what you
do. If you are a public authority and can demonstrate that the processing
is to perform your tasks as set down in UK law, then you are able to use
the public task basis. But if it is for another purpose, you can still
consider another basis.

For further information as to why the councils use the lawful basis they
do, you may wish to contact them directly. If you are concerned about the
way in which they process your personal data, you may wish to [3]raise a
concern with them in writing.

I hope this information is helpful to you. If you would like to discuss
this further, please contact me on my direct number 0330 414 6529. If you
need advice on a new issue you can contact us via our Helpline on 0303 123
1113 or through our live chat service. In addition, more information about
the Information Commissioner’s Office and the legislation we oversee is
available on our website [4]ico.org.uk.

Yours sincerely

Peter Berry
Case Officer
Information Commissioner's Office

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 0330 414 6529 [5]ico.org.uk [6]twitter.com/iconews  
Please consider the environment before printing this email
For information about what we do with personal data see our privacy notice
at [7]www.ico.org.uk/privacy-notice.

dangos adrannau a ddyfynnir

Dear ICO Casework,

Thank you for your reply, unfortunately it seems confusing to suggest that council /billing authorities are able to claim different lawful basis for the same task of enforcing council tax.

It appears that they cannot claim a public task as a lawful basis or a legal obligation the latter is for a criminal offence and council tax enforcement is a civil matter, please provide further clarification.

Yours sincerely,

paul grant

icocasework, Swyddfa'r Comisiynydd Gwybodaeth

To read this email in English click [1]here

I darllen yr ebost yn y Gymraeg, cliciwch [2]yma

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence. During the Coronavirus
pandemic, please see our [3]website for updates on the service you can
expect from us during this time.  You can also call us on 0303 123 1113 or
contact us via live chat. 

 
If you have asked us for advice - we will respond within 14 days. While
you wait, you should regularly check our [4]website for relevant
guidance, as we are updating this all the time. You should also read our
[5]GDPR myth busting blogs. If you have raised a question that we have
answered on our website, we may respond by sending you a link to it.  But
we will do our best to provide you with the information you need.
 
If you have made a new complaint - we’re unlikely to look into it unless
you have raised it with the [6]responsible organisation (for a data
protection complaint) or the [7]responsible public authority (for a
freedom of information complaint) first. Please make sure you have sent
us a copy of their final response to you. We will assign your complaint to
a case officer as soon as we can, and they will contact you in due
course. 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer. If you believe
we have either failed to take appropriate steps to respond to your data
protection complaint, or we do not provide you with information about the
progress or outcome of your complaint within the next three months, you
may be able to apply to the [8]First-tier Tribunal to require us to
respond to your complaint or to provide you with information about its
progress.
 
If you represent an organisation and you are reporting a personal data
breach under the GDPR or the Data Protection Act 2018 - we aim to contact
you within seven days to confirm receipt and to provide you with a case
reference number. If you want advice urgently, you should telephone our
helpline on 0303 123 1113. If we consider the incident is minor or you
have indicated that you do not consider it meets the threshold for
reporting, you may not receive a response from us, or we may respond by
sending you a link to the relevant part of our guidance. You can find out
more about [9]data breach reporting on our website.

Where a significant cyber incident occurs, you may also need to report
this to the National Cyber Security Centre (the NCSC). To help you decide,
you should read the NCSC’s guidance about their role and the type of
incidents that you should consider reporting.  

Incidents that might lead to a heightened risk of individuals being
affected by fraud, should be reported to Action Fraud – the UK’s national
fraud and cybercrime reporting centre. If your organisation is in
Scotland, then reports should be made to Police Scotland.

If you are a Communications Service Provider reporting a security breach
under the Privacy and Electronic Communications Regulations – you will
need to report the security breach via this [10]secure portal.

If you represent an organisation and are reporting a potential incident
under the NIS Directive - we will contact you as soon as we can. You can
find out more about the [11]NIS Regulations on our website.

If you represent an organisation and you are reporting a security breach
within the definition of the eIDAS regulation – we will contact you as
soon as we can. You can find out more about the [12]eIDAS regulation on
our website.

If you have reported spam email – we are unlikely to need to contact you
again, unless we need more information to help with our investigations. We
publish details about the [13]action we've taken on nuisance messages on
our website.
 
If you have asked for information you think we might hold - we will
contact you if we need any more information to help us respond. Otherwise,
we will respond within our [14]public and statutory service levels.
 
If you have only copied your correspondence to us - we will not respond.
 
There is more information on our [15]service standards and what to expect
webpage. You can also call 0303 123 1113. We welcome calls in Welsh on
0330 414 6421. You can also contact us on [16]live chat.
 
For information about what we do with personal data please see our
[17]privacy notice.
 
Yours sincerely
 
The Information Commissioner’s Office
 
Our newsletter
You can [18]sign up to our monthly e-newsletter
 
 
Pwnc: Mae’ch neges ebost wedi dod i law

Diolch yn fawr ichi am gysylltu â Swyddfa’r Comisiynydd Gwybodaeth. Yn
ystod y pandemig Coronafeirws, gweler [19]ein gwefan am ddiweddariadau ar
y gwasanaeth sydd ar gael i’r cyhoedd ar hyn o bryd. Hefyd, mae’n bosib
ein ffonio ar 0303 123 1113, neu gysylltu â ni trwy sgwrs fyw.

Os ydych wedi gofyn am gyngor – byddwn yn ymateb o fewn 14 diwrnod. Tra
byddwch yn aros, dylech edrych yn rheolaidd ar ein [20]gwefan i chwilio am
ganllawiau perthnasol, gan eu bod yn cael eu diweddaru drwy’r amser. Hefyd
dylech ddarllen ein [21]blogiau ynghylch mythau’r GDPR. Os ydych wedi codi
cwestiwn sydd wedi’i ateb ar ein gwefan, mae’n bosibl y byddwn yn ymateb
drwy anfon dolen atoch i gysylltu â’r ateb.  Ond fe wnawn ein gorau glas i
roi’r wybodaeth angenrheidiol ichi

Os ydych wedi gwneud cwyn newydd – dydyn ni ddim yn debygol o edrych i
mewn iddo oni bai eich bod wedi’i godi’n gyntaf gyda’r [22]sefydliad
cyfrifol (cwyn am ddiogelu data) neu’r [23]awdurdod cyhoeddus cyfrifol
(cwyn am ryddid gwybodaeth). Gofalwch eich bod wedi anfon copi aton ni o’u
hymateb terfynol ichi. Byddwn yn rhoi’ch achos i swyddog achosion cyn
gynted ag y gallwn, a bydd y swyddog yn cysylltu â chi maes o law.

Os yw’ch gohebiaeth yn ymwneud ag achos sydd eisoes yn bod - byddwn yn ei
hychwanegu at eich achos ac fe gaiff ei hystyried ar ôl cael ei dyrannu i
swyddog achosion. Os ydych yn credu ein bod ni naill ai wedi methu cymryd
camau priodol i ymateb i'ch cwyn diogelu data, neu heb ddarparu gwybodaeth
ichi am gynnydd neu ganlyniad eich cwyn o fewn y tri mis nesaf, efallai y
byddwch yn gallu gwneud cais i'r [24]Tribiwnlys Haen Gyntaf i’w gwneud yn
ofynnol inni ymateb i'ch cwyn neu ddarparu gwybodaeth ichi am gynnydd eich
cwyn.

 
Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am drosedd data
personol o dan y GDPR neu Ddeddf Diogelu Data 2018 – rydym yn anelu at
gysylltu â chi o fewn saith niwrnod calendr i gadarnhau bod eich neges
wedi dod i law ac i roi rhif cyfeirnod achos ichi. Os oes arnoch eisiau
cyngor ar frys, dylech ffonio’n llinell gymorth ar 0303 123 1113. Os ydym
o’r farn bod y digwyddiad yn un mân neu os ydych chi wedi nodi nad ydych
o’r farn bod y digwyddiad yn cyrraedd y trothwy i roi gwybod amdano, mae’n
bosibl na chewch ymateb gennym, neu efallai y byddwn yn ymateb drwy anfon
dolen atoch i gysylltu â’r rhan berthnasol o'n canllawiau. Cewch ragor o
wybodaeth am [25]roi gwybod am droseddau data ar ein gwefan.

Pan fo digwyddiad seibr arwyddocaol yn digwydd, mae’n bosibl y bydd angen
ichi roi gwybod amdano hefyd i’r Ganolfan Seiberddiogelwch Genedlaethol
(yr NCSC). I’ch helpu i benderfynu, dylech ddarllen canllawiau’r NCSC ar
eu rôl a’r math o ddigwyddiadau y dylech ystyried rhoi gwybod amdanyn nhw.

Dylai digwyddiadau a allai arwain at risg uwch y bydd twyll yn effeithio
ar unigolion gael eu cyfleu i Action Fraud – sef canolfan genedlaethol y
Deyrnas Unedig ar gyfer rhoi gwybod am dwyll a seiberdroseddau. Os yw eich
sefydliad yn yr Alban, yna i Heddlu’r Alban y dylech chi roi gwybod.

Os ydych yn Ddarparwr Gwasanaethau Cyfathrebu sy’n rhoi gwybod am dor
diogelwch o dan y Rheoliadau Preifatrwydd a Chyfathrebu Electronig – bydd
angen ichi roi gwybod am y tor diogelwch drwy’r [26]porth diogel hwn.

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am ddigwyddiad
posibl o dan Gyfarwyddeb yr NIS – byddwn yn cysylltu â chi cyn gynted ag y
gallwn. Cewch ragor o wybodaeth am [27]Reoliadau’r NIS ar ein gwefan.

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am dor diogelwch
o fewn y diffiniad yn Rheoliad eIDAS – byddwn yn cysylltu â chi cyn gynted
ag y gallwn. Cewch ragor o wybodaeth am [28]Reoliad eIDAS ar ein gwefan.

Os ydych wedi rhoi gwybod am ebost sbam – mae’n annhebygol y bydd angen
inni gysylltu â chi eto, oni bai bod arnon ni angen rhagor o wybodaeth i
helpu yn ein hymchwiliad. Rydym yn cyhoeddi gwybodaeth am [29]y camau
rydyn ni wedi’u cymryd ynghylch negeseuon niwsans ar ein gwefan.

Os ydych wedi gofyn am wybodaeth yr ydych yn credu ei bod gennyn ni –
byddwn yn cysylltu â chi os bydd arnom angen rhagor o wybodaeth i’n helpu
i ymateb. Fel arall, byddwn yn ymateb ichi o fewn ein [30]lefelau
gwasanaeth statudol a chyhoeddus. 

Os ydych wedi anfon copi o’ch gohebiaeth aton ni ond dim byd arall –
fyddwn ni ddim yn ymateb.

Mae rhagor o wybodaeth ar ein tudalen gwe [31]safonau gwasanaeth a beth
i’w ddisgwyl. Gallwch ffonio hefyd ar 0330 414 6421, neu yn Saesneg ar
0303 123 1113. Gallwch gysylltu â ni hefyd i gael [32]sgwrs fyw.

I gael gwybodaeth am yr hyn rydyn ni’n ei wneud â data personol, gweler
ein [33]hysbysiad preifatrwydd. 

Yn gywir

Swyddfa’r Comisiynydd Gwybodaeth

Ein cylchlythyr

Gallwch [34]gofrestru i gael ein e-gylchlythyr misol

 

 

References

Visible links
1. file:///tmp/foiextract20210506-7307-6mqezt#English
2. file:///tmp/foiextract20210506-7307-6mqezt#Gymraeg
3. https://ico.org.uk/global/data-protectio...
4. https://eur03.safelinks.protection.outlo...
5. https://eur03.safelinks.protection.outlo...
6. https://eur03.safelinks.protection.outlo...
7. https://eur03.safelinks.protection.outlo...
8. https://eur03.safelinks.protection.outlo...
9. https://eur03.safelinks.protection.outlo...
10. https://eur03.safelinks.protection.outlo...
11. https://eur03.safelinks.protection.outlo...
12. https://eur03.safelinks.protection.outlo...
13. https://eur03.safelinks.protection.outlo...
14. https://eur03.safelinks.protection.outlo...
15. https://eur03.safelinks.protection.outlo...
16. https://eur03.safelinks.protection.outlo...
17. https://eur03.safelinks.protection.outlo...
18. https://eur03.safelinks.protection.outlo...
19. https://ico.org.uk/global/data-protectio...
20. https://eur03.safelinks.protection.outlo...
21. https://eur03.safelinks.protection.outlo...
22. https://eur03.safelinks.protection.outlo...
23. https://eur03.safelinks.protection.outlo...
24. https://eur03.safelinks.protection.outlo...
25. https://eur03.safelinks.protection.outlo...
26. https://eur03.safelinks.protection.outlo...
27. https://eur03.safelinks.protection.outlo...
28. https://eur03.safelinks.protection.outlo...
29. https://eur03.safelinks.protection.outlo...
30. https://eur03.safelinks.protection.outlo...
31. http://ico.org.uk/about_us/how_we_work/s...
32. https://eur03.safelinks.protection.outlo...
33. https://eur03.safelinks.protection.outlo...
34. https://eur03.safelinks.protection.outlo...

Gadawodd paul grant anodiad ()

Hertsmere Borough Council uses both Article 6.1(c) legal obligation and Article 6.1(e) performance of a public task or in the exercise of official authority vested in the controller.

Gadawodd paul grant anodiad ()

Medway Council use Article 6.1(c) legal obligation.

Gadawodd paul grant anodiad ()

Dudley Council use Article 6.1(c) legal obligation

Gadawodd paul grant anodiad ()

Thanet District Council use Article 6.1(c) legal obligation

Gadawodd paul grant anodiad ()

Croydon Council, Croydon Borough Council use Article 6.1(c) legal obligation

Gadawodd paul grant anodiad ()

Swale Borough Council use Article 6.1(c) legal obligation

Gadawodd paul grant anodiad ()

Stoke on Trent City Council use Article 6.1(e) public task

Gadawodd paul grant anodiad ()

Newham Borough Council use Article 6.1(e) public task ...

Gadawodd paul grant anodiad ()

Sevenoaks District Council and Dartford Borough Council both use Article 6.1(e) public task

Gadawodd paul grant anodiad ()

Wiltshire Council use Article 6.1(c) legal obligation

Gadawodd paul grant anodiad ()

Buckingham Council use Article 6.1(e) to provide a service as a local authority as part of their public task and use legal obligation Article 6.1(c) under Council Tax and Benefit legislation ....

Nid ydym yn gwybod a yw'r ymateb mwyaf diweddar i'r cais hwn yn cynnwys gwybodaeth neuai peidio - os chi ywpaul grant mewngofnodwch a gadael i bawb wybod.