Watch Environment Scrutiny Committee - Wednesday 14 January 2026 10.00 am
Responsibilities
In this section
Responsibilities
Gloucestershire County Council is a data controller under the Data Protection legislation. The Corporate Leadership Team (CLT) is responsible for ensuring compliance with this policy.
Senior Managers are responsible for ensuring that their business areas have processes and procedures in place that comply with the Data Protection legislation and this policy. They are responsible for ensuring that data is appropriately protected or that controls are in place to prevent access by unauthorised personnel, and that data cannot be tampered with, lost or damaged. They are also responsible for ensuring that Information Assets have an appropriate nominated owner.
The Information Management Service is responsible for providing day to day advice and guidance to support the council in complying with the Data Protection legislation and this policy.
Each Information Compliance Champion shall promote good practice and assist their Senior Managers in ensuring compliance with the Data Protection legislation and this policy. The nomination of such a person shall not release other members of staff from compliance with the Data Protection legislation and this policy.
Information Asset Owners are responsible for ensuring that the information contained within their systems (paper or electronic) is accessed and shared appropriately and in accordance with the Data Protection Act.
The council appoints Caldicott Guardian/s and Angel/s to provide advice to ensure that where personal information is shared (particularly in relation to patients, children and vulnerable adults) it is done properly, legally and ethically.
All members of staff, contractors and elected Members who hold or collect personal data are responsible for their own compliance, and must ensure that personal and/or special category information is kept and used in accordance with the Data Protection legislation and this policy. In particular, staff must not attempt to access personal data that they are not authorised to view. Failure to comply with the Data Protection legislation may result in disciplinary action which could further lead to dismissal and, in some cases, criminal proceedings/prosecution.
Last reviewed: