East Bergholt Parish Council
Adoption of Updated Data Protection Policy, Privacy Notice and
Information Technology (IT) Policy
Author
Rob Smith
Purpose of Report
The purpose of this report is to present three updated governance policies for
Council approval:
• Data Protection Policy
• Privacy Notice
• Information Technology (IT) Policy
These policies set out how the Council manages personal data, protects
information and governs the use of its technology systems.
Background
The Council’s existing policies were originally based on earlier template guidance
and required updating to ensure they remain aligned with current legislation and
good governance practice.
In particular, the policies have been updated to reflect:
• The UK General Data Protection Regulation (UK GDPR) and the Data
Protection Act 2018
• Current transparency requirements regarding how resident data is handled
• Evolving cyber security risks associated with digital systems and remote
working
The updated versions retain the practical intent of the previous policies but
strengthen their legal accuracy, structure and clarity.
Key Improvements
The revised policies introduce several improvements.
Legal clarity – references to legislation and lawful bases for processing personal
data have been corrected and simplified to reflect UK GDPR requirements.
Improved transparency – the Privacy Notice provides clearer information to
residents about what information the Council collects, why it collects it and how
long it is retained.

Stronger governance – the Data Protection Policy now clearly sets out
responsibilities, breach reporting requirements and data governance practices.
Improved IT and cyber security guidance – the IT Policy introduces clearer
expectations around password security, use of personal devices, remote working
and responsible use of Council systems.
Risk and Compliance
Keeping governance policies up to date is an important part of ensuring the
Council remains compliant with legislation and operates in a transparent and
responsible way.
Adopting the revised policies will:
• Reduce regulatory risk in relation to data protection compliance
• Provide clearer guidance for councillors and staff
• Strengthen the Council’s approach to cyber security and information
governance
The policies are designed to be proportionate for a parish council while still
reflecting current best practice.
Financial Implications
There are no direct financial implications associated with adopting these policies.
Recommendation
Council is asked to:
1. Approve the updated Data Protection Policy
2. Approve the updated Privacy Notice
3. Approve the updated Information Technology (IT) Policy
Subject to approval, the policies will take effect immediately and will be reviewed
periodically to ensure they remain current.