EAST BERGHOLT PARISH COUNCIL
DATA PROTECTION POLICY

Introduction
This Policy is adopted by the Parish Council pursuant to its statutory duty to comply
with the General Data Protection Regulations 2018, the GDPR, and the Data
Protection Act 2018. It will be made available to Councillors, employee(s), resident
representatives and, where appropriate, volunteers to ensure that they are aware of
the Parish Council requirements for data protection.
It will be periodically reviewed in light of experience and relevant guidance.
Information which is not Personal Data and is not confidential will be made available
to other parties, primarily partner organisations and residents of the Parish.
Details of information which is routinely available is contained in the East Bergholt
Parish Council’s Publication Scheme.
Personal Data is any data which concerns a living and identifiable individual, who
can be identified directly from that data or indirectly by reference to other data held.
Such Personal Data can be a name, photo, address, email address, bank details, or
other information which uniquely identifies an individual.
Processing includes obtaining, recording, holding or using information. The Parish
Council processes Personal Data to enable it to carry out its statutory duties,
represent the community of the Parish, provide and promote its services, undertake
fundraising, maintain its accounts and records and manage its employee(s) and
contractors.
The Parish Council will comply with the GDPR and the DPA 2018 by ensuring that
Personal Data:
• is processed lawfully, fairly and in a transparent manner
• is for specified, explicit and legitimate purposes
• is adequate, relevant and limited to those purposes
• is accurate, kept up to date and only held for as long as necessary
• is secure The Parish Council Code of Conduct obliges members/co-opted
members to address the following when representing the Parish Council:
Restricting access to information when the wider public interest, the Parish Council’s
Constitution, or the law requires it to;
• Behave in accordance with all the Parish Council’s legal obligations, the Parish
Council’s policies, protocols and procedures;

• Not knowingly do anything which might cause the Parish Council to breach any
legislation.
• Always treating all people and organisations with respect and propriety. These four
obligations from the Parish Council Code of Conduct and the requirements under
this Data Protection Policy will apply to Councillors as well as employee(s) and
resident representatives.
General Provisions
The Parish Council will be the registered Data Controller with the Information
Commissioner’s Office, ICO, and so has ultimate responsibility for ensuring
compliance with data protection legislation. The Clerk will be registered as the main
contact for the Parish Council with the ICO.
East Bergholt Parish Council is not required to appoint a Data Protection Officer.
Implementation of the procedural requirements of the policy will be effected and
monitored by the Clerk as part of the Clerk job description’s specified responsibility
to ensure that statutory and other provisions governing or affecting the running of the
Council are observed.
If, in future, small Parish Councils are confirmed as public authorities for the
purposes of the GDPR, the appointment of a Data Protection Officer will be made.
The Parish Council processes Personal Data in the following ways:
• pursuing the legitimate interests of its duties as a public body and maintaining
the information required by law

• recording and updating details about its Councillors, employee(s), partners
and volunteers

• recording details concerning individuals who contact it for information, to
access its services or facilities or to make a complaint;

• recording details of individuals who have made donations to the Parish
Council;

• maintaining records on its current, past and potential employees

The Parish Council’s right to process Personal Data is defined under the GDPR
Article 6 (1) (a), (b) and (e): 2 (a) processing is with consent of the individual; (b)
processing is necessary for the individual to enter into or for the performance of a
legal contract (e) processing is necessary for the legitimate interests of the Parish
Council.
Standard Parish Council documents including agendas, minutes, governance
documents and all Parish Council text and documents published on the Village
website will not contain Personal Data unless this is unavoidable and the inclusion

has been deemed lawful for the purpose or the data subject has given consent. The
lawful basis will be documented alongside the reference to the Personal Data.
Where possible records should use generic references such as resident of the
Village, Planning Officer, Managing Director etc.
Where it is necessary to obtain consent to hold Personal Data this will:
• be obtained by the Clerk;
• use the standard Parish Council consent form which will include reference to
an individual’s data rights as per the Privacy Statement;
• be filed so as to facilitate retention/update/deletion under the specified
timescales.
Documents which include Personal Data processed under lawful purposes not
requiring a time limited consent will be retained for the minimum retention period for
the relevant classes of document/record as advised by the SLCC.
Any queries please contact:
Parish Clerk on email: parish.clerk@eastbergholtpc.co.uk
The Clerk will report any data breach to the ICO as soon as reasonably practicable.
Complaints regarding the processing of Personal Data should be made to the Clerk
or the ICO on email casework@ico.org.uk, or Tel: 0303 123 1113
Approved: April 2026
For review: April 2027