Gloucestershire County Council Privacy Notice

How long do we keep your personal data for?

We keep personal data for different lengths of time, depending on the reason it was collected and the services is was used by.

Sometimes the law will specify how long we have to hold personal data for, in other cases we will determine the length of time.

You can find detailed information on how long we keep personal data in our Records Retention and Disposal Schedule, available on our How long do we keep records for? page.

How do we keep your personal data secure?

Technical and physical security measures

The council protects the privacy and security of the data that we control and use. This protection includes:

• Baseline security recruitment checks;
• Controlled access to buildings;
• Restricted and controlled access to the council’s ICT network;
• Automatic locking of PCs when not in use;
• Virus protection and firewalls;
• Secure email;
• Patching and updating of systems to maintain the security and integrity of the council network.

Organisational measures

To support the physical and technical measures we have a range of controls that helps us secure your personal data, including:

• An Information and Data Management Strategy;
• A suite of data protection, information security and management policies;
• An Information Board that oversees information management activity;
• A Senior Information Risk Owner (SIRO); a Director with accountability for information security;
• Caldicott Guardians;
• Online training for staff – completion is monitored and recorded electronically;
• A clear procedure for reporting and dealing with suspected breaches of data protection;
• An approach that is accredited by the NHS Data Security and Protection Toolkit;
• Internal Audit; and
• Robust procurement security assessments and contractual clauses.