IT & Data Protection Policy

Purpose:

This policy explains how the Parish Council manages its IT systems and protects personal data. It supports good security practice and meets UK GDPR and Data Protection Act requirements.

Scope:

This policy applies to all councillors, staff, contractors and volunteers who access Parish Council systems or data.

Roles: 

Data Controller: Lowside Quarter Parish Council

Data Protection Lead: Councillor Kirstin Lang

IT Use: 

  • Personal devices must have a password or PIN and be kept updated.  
  • Only approved software and cloud services may be used.  
  • Keep devices secure and report loss or damage immediately. 

Access & Passwords: 

  • Each user must have their own account.  
  • Passwords must be strong and not shared.  
  • Access is removed when a person leaves their role.  

Email & Communication: 

  • Use a Parish Council email account for Parish Council business.
  • Be careful with links and attachments.  
  • Check recipients before sending sensitive information. 

Data Protection: 

  • Collect only what is needed.  
  • Keep data accurate and stored securely.  
  • Limit access to those who need it.  
  • Do not keep data longer than necessary.

Data Storage: 

  • Store data in approved Parish Council systems or secure paper files.  
  • Avoid USB sticks unless encrypted.  
  • Do not store Parish Council data in personal accounts unless authorised.

Data Sharing: 

  • Share personal data only when there is a lawful reason.  
  • Agreements must be in place when using third-party services.

Data Breaches: 

  • Report any loss, unauthorised access or mistaken disclosure immediately.  
  • Serious breaches may be reported to the ICO within 72 hours.  

Councillor Responsibilities: 

  • Keep Parish Council information secure on all devices.  
  • Delete or return Parish Council data when leaving the Parish Council.  

Training & Review: 

  • Basic training will be provided. 
  • The policy will be reviewed annually.