Gloucestershire County Council Privacy Notice
We process the personal data that we collect for a number of different purposes. This privacy statement gives a general overview of how we use personal data.
As we offer a diverse range of services, the notice is layered, with general information supported by service specific privacy notices. These provide more detailed information about how we handle your information for specific council services, including who we will share your information with and why.
- Gloucestershire County Council General Privacy Statement
- Who do we collect personal data about?
- What personal data do we use?
- Why do we need your personal information?
- What gives us the right to use your personal information?
- Where do we get the personal data from and who will we share it with?
- How long do we keep your personal data and how do we keep it secure?
- Your rights
- Our Data Protection Officer
How long do we keep your personal data for?
We keep personal data for different lengths of time, depending on the reason it was collected and the services is was used by.
Sometimes the law will specify how long we have to hold personal data for, in other cases we will determine the length of time.
You can find detailed information on how long we keep personal data by viewing the our Records Retention and Disposal Schedule.
How do we keep your personal data secure?
Technical and physical security measures
The council protects the privacy and security of the data that we control and use. This protection includes:
- Baseline security recruitment checks;
- Controlled access to buildings;
- Restricted and controlled access to the council’s ICT network;
- Automatic locking of PCs when not in use;
- Virus protection and firewalls;
- Secure email;
- Patching and updating of systems to maintain the security and integrity of the council network.
To support the physical and technical measures we have a range of controls that helps us secure your personal data, including:
- An Information and Data Management Strategy (PDF, 254.3 KB) ;
- A suite of data protection, information security and management policies;
- An Information Board that oversees information management activity;
- A Senior Information Risk Owner (SIRO); a Director with accountability for information security;
- Caldicott Guardians;
- Online training for staff – completion is monitored and recorded electronically;
- A clear procedure for reporting and dealing with suspected breaches of data protection;
- An approach that is accredited by the NHS Data Security and Protection Toolkit;
- Internal Audit; and
- Robust procurement security assessments and contractual clauses.