This is a statement of the Data Protection Policy adopted by Local Government Association to cover its obligations under the Data Protection Act 2018 ('the DPA').
The Data Protection Act 2018 regulates the processing of information relating to individuals, this includes the obtaining, holding, using or disclosing of such information, and covers computerised records as well as manual filing systems and card indexes.
The LGA need to collect and use certain types of information about people with whom it deals in order to in order to carry out its everyday business and fulfil its constitutional functions and objectives. These include current past and prospective staff and officer, members of local authorities, suppliers, clients, customers and others with whom it communicates and may also hold information on other persons it deals with in the conduct of its activities, In addition, it may occasionally be required by law to collect and use certain types of information of this kind. This personal information whether in print on computer or recorded on other material must be collected, held and used in accordance with the Data Protection Act principles.
Summary of Principles
Data users must comply with the Data Protection principles of good practice which underpin the
Act these state that personal data shall:
- processed lawfully, fairly and in a transparent manner in relation to the data subject
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- processed in a manner that ensures appropriate security of the personal data
The LGA regards the lawful and correct treatment of personal information as very important to its successful operations, as it maintains confidence between those with whom it deals. To this end the LGA will:
1. Hold the minimum personal information necessary to enable it to perform its business
2. Comply with both the law and good practice in the handling of personal data
3. Treat all information about individuals, with respect and with regard to personal privacy
4. Be open with individuals about how their personal data is collected, used and stored.
5. Provide appropriate training and guidance to staff on the obligations under the Act
6. Interpret the Act, and associated regulations, with regard to the advice of the ICO and relevant directives of the European Commission. In all cases the LGA will have regard to the interests of the individual subject of the personal data and their rights (as set out on the LGA’s Privacy Statement).
7. Apply the data protection principles as the foundation for information management in the organisation.
8. The LGA will only process personal information for those purposes it has specified beforehand to the individual or by notification to the ICO.
All staff are responsible for ensuring that:
- Any personal data they hold, whether in electronic or paper format, is kept securely.
- Personal information is not disclosed deliberately or accidentally either orally or in writing to any unauthorised third party.
- The LGA and all staff who process, or use personal data must ensure that they abide by these principles at all times in the processing and use of personal data.
Data Controller registration
Details of the LGA’s notification under Registration Number Z5871320 can be viewed at http://www.ico.gov.uk/ESDWebPages/search.asp.
Making a request for your own personal data
If you wish to request information which is held by the LGA and which relates to yourself, please complete our data access form and email it to firstname.lastname@example.org
Or write to
IT and Business Management
Local Government Association
18 Smith Square
The LGA aims to comply with request for access to personal information as quickly as possible, but the LGA must comply with a subject access request within thirty days of receipt or the request, or if later, within one month days of the receipt of the identity information required, the completed subject access request form and the relevant fee.
The LGA does not need to comply with a request where it has received an identical or similar request from the same individual unless a reasonable interval has elapsed between compliance with the original request and the current request.
Further information about your rights under the Data Protection Act 2018 is available from the website of the Information Commissioner’s Office http://ico.org.uk/
The LGA is committed to protecting your privacy online.