Data Protection Policy

1.1    Welwyn Hatfield Borough Council (the Council) collects and processes personal data in performing its statutory and discretionary functions. The UK General Data Protection Regulations (GDPR) and the Data Protection Act 2018 (DPA) set out legal obligations the Council must adhere to when processing personal data. The six key data protection principles are:     
•    Personal information must be processed fairly, lawfully and in a transparent manner
•    Personal information will be collected for specified, explicit and legitimate purposes
•    Personal information must be adequate, relevant and limited to what is necessary
•    Personal information must be accurate and where necessary kept up to date
•    Personal information must be kept for no longer than is necessary
•    Personal information must be processed in a manner which ensures appropriate security of personal data.

1.2    This policy provides the framework which governs how the Council complies with its obligations under the UK GDPR and DPA. It applies to all employees, Councillors, volunteers, service providers, contractors, partner organisations, or any other third party data is shared with.