Data Protection Compliance
Dear Sir/Madam,
I am writing to make a formal request for information under the provisions of the Freedom of Information Act 2000. I kindly request that you provide me with the following information:
1. A copy of your organisation's Records of Processing Activity (ROPA) as defined in Article 30 of the UK General Data Protection Regulation (UK GDPR).
2. A copy of all legitimate interest assessments conducted by your organisation where you rely on Article 6(1)(f) legitimate interests as your lawful basis for processing.
3. A copy of all privacy impact assessments conducted by your organisation.
4. A copy of all data protection impact assessments conducted by your organisation.
5. A copy of all international transfer risk assessments conducted by your organisation.
6. A recent copy of your organisation's data protection compliance assessment using the Information Commissioner's Office (ICO)'s accountability framework template. If you are using your own standards to monitor compliance with the Data Protection Act 2018, please provide me with a copy of it.
7. A copy of your organization's data protection policy.
8. A copy of your organization's subject access request policy, procedures, and processes, including any guidance material such as folder structure, naming conventions, and redaction guides.
9. A copy of your organisation's privacy notices, including but not limited to employees, customers, ministers, special advisors (SPADs), complaints, NEDS, visitors, and CCTV.
10. A copy of your organisation's due diligence questions for vendor management such as independent data controllers or processors.
I understand that under the Freedom of Information Act, you are required to respond within 20 working days. To stay within section 12 - cost limits, I suggest asking your Data Protection Officer for the information. If this is not possible, I suggest a search of your compliance platform and your Microsoft estate for the following search terms (not case sensitive):
1. "records of processing activity" OR "ropa"
2. "legitimate interest assessment" OR "LIA"
3. "privacy impact assessment" OR "privacy impact assessments" OR "PIA"
4. "data protection impact assessment" OR "DPIA"
5. "transfer risk assessment" AND "personal data"
6. "accountability framework"
I would prefer to receive the requested information in electronic format via email.
Should you require any clarification or further details in order to process this request, please do not hesitate to contact me. I would be grateful if you could confirm receipt of this request and provide a reference number for future correspondence.
Thank you for your attention to this matter. I look forward to receiving the requested information within the statutory timeframe.
Yours faithfully,
Jay Bhanji
Dear Jay
Thank you for your request for information regarding ‘Data Protection Compliance’ (reference number 09701). Your request was received on the 19/06/23 and I am dealing with it under the terms of the Freedom of Information Act 2000 and/or Environmental Information Regulations 2004.
In some circumstances a fee may be payable and if that is the case, I will let you know. A fees notice will be issued to you, and you will be required to pay before we will proceed to deal with your request.
If you have any queries about this request, please contact Information Governance on 01254 585852. Alternatively, our email address is [email address]. Please remember to quote the reference number above in any future communications.
Kind regards
Fatima Makken
Information Governance Officer
Email: [email address]
01254 585852
Dear Jay,
Thank you for your request for information.
Please can you clarify that you require this information in relation to the Police and Crime Panel?
Kind Regards
Fatima Makken
Information Governance Officer
Email: [email address]
01254 585852
Dear Jay
Thank you for your request for information regarding ‘Data Protection Compliance’ (reference number 09701). Please see our response attached/below. If you have any queries regarding your request for information then please don’t hesitate to contact us.
Please be advised Blackburn with Darwen Borough Council is just the host authority that administers the Police & Crime Panel meetings. Data and information in relation to the PCC will need to be directed to the OPCC.
If you are unhappy with the service you have received in relation to your request for information and wish to make a complaint or request a review of our decision, you should write to: Information Governance Manager, Information Governance, Blackburn with Darwen Borough Council, 3rd Floor, Old Town Hall, Blackburn, Lancashire, BB1 7DY or email [email address]
If you are not content with the outcome of your complaint, you may apply directly to the Information Commissioner for a decision. Generally, the ICO cannot make a decision unless you have exhausted the complaints procedure provided by the Council. The Information Commissioner can be contacted at: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Please find attached our 'have your say' feedback policy.
Kind Regards,
Fatima Makken
Information Governance Officer
Email: [email address]
01254 585852