The Information Governance team have developed 10 areas of work to ensure that our council is compliant with the UK General Data Protection Regulation (UKGDPR) and all aspects of data protection.
UKGDPR is part of the Data Protection Act 2018.
We regularly publish information and guidance in our employee news and offer training on data protection on My Learning.
Our areas of work
1. Governance
Data protection officer
Revised policies and procedures
Improved risk management
Revised our privacy impact assessments
2. Assurance
Revised our internal audit regime
Agreed an approach to third parties
3. Third party management
Updated our standard data processing agreements
Sought assurance from third parties
4. Collection and use of personal data
Implemented a record of processing activities
Created new and updated old privacy notices
Agreed when and how we capture consent
5. Retention and destruction
Revised and published the Essex County Council (ECC) retention periods
Agreed secure destruction standards
6. Data subject’s rights
Launched a complaints process
Updated the access, correction, deletion and restriction processes
Agreed where data portability applies to ECC
7. Security
Deployed encryption to all ECC devices
Improved incident handling (within 72 hours)
Implemented data quality controls
8. Systems and technology
Made sure systems enable UKGDPR requirements
Implemented privacy by design for all new projects and systems
9. Employee training and awareness
Refreshed e-learning for all staff
Provided training for relevant teams in ECC on UKGDPR
10. Employee personal data
Updated resources for employees on their rights
Updated employee privacy notices
For more help and information
UKGDPR compliance is everyone’s responsibility, but there are a number of people and resources that can support and advise you.
Information Governance team
The Information Governance team can assist you with how you can effectively manage your information.
You can contact a member of the team at informationgovernanceteam@essex.gov.uk.
Data protection officer
The Data protection officer (DPO) has formal responsibilities to monitor compliance with the GDPR. If you believe something is wrong and want to report a breach or a concern, please email dpo@essex.gov.uk.