Data Protection and General Data Protection Regulations (GDPR)

The request was successful.

Dear Burpham Parish Meeting,

Please provide the following information:
1. Has a data audit been carried out? if so when? who carried out the audit? and please provide the results of this audit. If the audit is still ongoing please provide the estimated conclusion date of the audit.
2. Please provide the procedure used for the appointing of the party or parties that carried out the data audit.
3. Please provide a copy of the relevant Privacy Notices. Please also include the review date of the Privacy Notices and the accessibility of the Privacy Notices.
4. What steps have been undertaken to obtain additional consent from data subjects?
5. Please provide in full the policies, procedures, review dates and the responsible officer(s) for the following:
a. Data Protection
b. Data Privacy
c. Subject Access Requests
d. Data Subject Access Requests
e. Data Privacy Impact Assessments
f. Data Sharing
g. Cyber-security checks
h. Data breaches
i. Handling of, processing of, collection of, storage of, retention of, disposal of, and deletion of personal data
j. Handling of, processing of, collection of, storage of, retention of, disposal of, and deletion of sensitive data
k. Obtaining additional consent from data subjects. Please provide copies of sample consent form used for this purpose.
l. Identifying if data subjects are legally classed as children or individuals unable to make decisions for themselves to enable the obtaining of the relevant additional consents from the appropriate parties for any data collection and processing activity
6. Has a Data Protection Officer been appointed? if so when were they appointed? what was the appointment process? when was the appointment made? and who is the Data Protection Officer?
7. Is there a Registered Data Controller? if so when were they appointed? what was the appointment process? when was the appointment made? and who is the Registered Data Controller?
8. Are there any suppliers of any kind for any good or services, and if so are written contracts in place for all suppliers?
9. Has formal registration with the Information Commissioners Office for the purposes of compliance with the requirements of the Data Protection Act been undertaken? If so, when was formal registration with the Information Commissioners Office undertaken? and what is the councils registration reference?

Yours faithfully,

L-M Nelson (Miss)

Village Committee, Burpham Parish Meeting

Dear Miss Nelson, I have provided a ‘plain English’ response to your
query, as well as replying individually to the items listed. 

 

Burpham Parish Meeting (BPM) is a governing body below that of a Parish
Council, which is granted certain statutory responsibilities, mainly to do
with planning and use of land. This can include, for instance, management
of allotments, being notified of boundary changes, lighting the roads,
managing memorials, and provision, should it be necessary, of land for
burial.  As such, we precept the District Council each year for funds to
cover our expenses.  We have audited accounts, and we hold an AGM each
year between 1^st March and 1^st June.   We have recently carried out a
data audit and found that we do not hold any personal data other than the
names of BPM officers. Of course, we hold individual email conversations
with council officials, where we keep the name and email address of the
person contacted in an email system,  but these don’t form part of an
organized register.

 

Much of the open space and the social aspects of Burpham and Wepham is
managed by a charity, the Burpham and Wepham Village Committee and
Recreation Ground (BVCaRG). Its affairs are managed by a governing
committee, the Burpham Village Committee (BVC)  and this organisation
maintains a central emailing list of ‘opted-in’ subscribers for
communications purposes.  If BPM wishes to communicate generally, it sends
an email to the BVC, which forwards it through the central emailing
system.  

 

I have tried to answer your questions in this context below:

 

Dear Burpham Parish Meeting,

Please provide the following information:
1.      Has a data audit been carried out? if so when? who carried out the
audit? and please provide the results of this audit. If the audit is still
ongoing please provide the estimated conclusion date of the audit.   Yes
(see Q2)  No register of personal data is kept.
2.      Please provide the procedure used for the appointing of the party
or parties that carried out the data audit.  The Parish Clerk appointed by
the Chairman conducted the audit. No personal data was identified. 
3.      Please provide a copy of the relevant Privacy Notices. Please also
include the review date of the Privacy Notices and the accessibility of
the Privacy Notices.  There are two main websites.  One
[1]http://burpham.arun.gov.uk/main.cfm?type..., is currently
under redesign as it is being decommissioned by Arun Council.   The new
one will be launched in June.  The old site has details of the Parish
Meeting Annual Assembly and Accounts information and an access statement.
 [2]http://burphamvillage.co.uk is a more general website, which may be
subsumed at some point into the redesigned website.   It has a privacy
Policy (date reviewed May 2018) and a summary (Governance) of the roles of
the BPM and the BVCaRG.

4.      What steps have been undertaken to obtain additional consent from
data subjects?   As a separate entity, the  BPM only publishes details of
the officers of the Parish Meeting and the Auditor
5.      Please provide in full the policies, procedures, review dates and
the responsible officer(s) for the following:  As indicated, we don’t have
any data subjects. Jointly with BVCaRG, we will obtain consent from any
person whose personal data might need to be published in the minutes of
the BPM.
a.      Data Protection
b.      Data Privacy
c.      Subject Access Requests
d.      Data Subject Access Requests
e.      Data Privacy Impact Assessments
f.      Data Sharing
g.      Cyber-security checks
h.      Data breaches
i.      Handling of, processing of, collection of, storage of, retention
of, disposal of, and deletion of personal data
j.      Handling of, processing of, collection of, storage of, retention
of, disposal of, and deletion of sensitive data
k.      Obtaining additional consent from data subjects. Please provide
copies of sample consent form used for this purpose.
l.      Identifying if data subjects are legally classed as children or
individuals unable to make decisions for themselves to enable the
obtaining of the relevant additional consents from the appropriate parties
for any data collection and processing activity
6.      Has a Data Protection Officer been appointed? if so when were they
appointed? what was the appointment process? when was the appointment
made? and who is the Data Protection Officer?   As of 11^th May, Parish
Meetings are exempt from appointing a DPO.

7.      Is there a Registered Data Controller? if so when were they
appointed? what was the appointment process? when was the appointment
made? and who is the Registered Data Controller?   As the BPM does not
process personal data in any automated form, we have not registered with
the ICO, and accordingly there is no registered Data Controller at
present.
8.      Are there any suppliers of any kind for any good or services, and
if so are written contracts in place for all suppliers?   The BPM doesn’t
not have any supplier contracts.
9.      Has formal registration with the Information Commissioners Office
for the purposes of compliance with the requirements of the Data
Protection Act been undertaken? If so, when was formal registration with
the Information Commissioners Office undertaken? and what is the councils
registration reference?  BPM has not registered with the ICO, as we hold
no personal data.
Yours faithfully,

L-M Nelson (Miss)

References

Visible links
1. http://burpham.arun.gov.uk/main.cfm?type...
2. http://burphamvillage.co.uk/