Agenda item

The Council’s Data Protection Officer (DPO) submitted a report highlighting the key areas of his work which provided the Committee with information and assurances regarding the Council’s compliance with the Data Protection Act 2018 and UK General Data Protection Regulations (GDPR).

The report, in outlining the DPO’s activities and assurances, gave details of the areas in which he was to undertake or commission independent reviews of various aspects of Information Governance.

In summary, whilst the Committee could be assured, there would inevitably be data and information incidents.  There is however, a robust and comprehensive suite of policies and guidance in place supported by a strong and committed Information Governance Team.

The joint working and liaison between the DPO, Information Governance Team, the Senior Risk Information Officer, Customer Feedback and Improvement Team and Legal Services provides a robust basis to guide the Council to ensuring that data protection responsibilities were understood and complied with as effectively as was reasonably possible.

As a key source of assurance for the Committee, and to properly discharge the responsibilities of the DPO, the Committee noted that the DPO role requires independence from management, unfettered access to senior management and access to the necessary resources.  These key requirements were confirmed to be in place.

RESOLVED that the Committee considered the report and the information and assurances within it and agreed to receive a further update report in 6 months’ time in contribution to wider assurances as part of the Annual Governance Review process.