Data Protection Policy

8.1    The Council undertakes a risk-based assessment, known as a Privacy Impact Assessment (PIA), of any new policies, projects and supporting IT systems. A PIA template is available for staff.

8.2    The Council maintains a central register of all PIAs undertaken.

8.3    Areas where PIAs will be required includes, but is not limited to:
•    implementation or upgrades of IT systems;
•    using existing data for new or alternative uses to that from its original purpose;
•    new surveillance systems;
•    consolidation of data held in separate parts of the organisation;
•    changes to legislation, policies or strategies which may affect privacy through collection or use of information;
•    new websites or mobile applications capturing personal data;
•    development of online forms and interfaces with back-office systems.