Appropriate policy document

This principle requires that the data controller shall be responsible for, and be able to demonstrate compliance with the above data protection principles. Our Data Protection Officer is responsible for monitoring our compliance with these principles.

We will:

• keep a record of all personal data processing activities and make these available to the Information Commissioner upon request

• carry out a data protection impact assessment for any high risk personal data processing, and consult the Information Commissioner if appropriate

• ensure that a Data Protection Officer is appointed to provide independent advice and monitoring of our personal data handling, and that this person has access to report to the highest management level of the council ad has the resources necessary to carry out the requirements of the role

• have in place internal policies, procedures and processes to ensure that personal data is only collected, used or handled in a way that is compliant with data protection law

• ensure that all employees receive annual data protection and information security training

• undertake regular data protection audits

• maintain logs of security incidents, data protection rights requests and details on information sharing with partners