The Council’s General Data Protection Regulation (GDPR) preparations form part of its annual information governance action plan, which is overseen by its Information Governance Board. The action plan is implemented at a local level by the service areas.
- The right of access - You have the right to obtain confirmation that your data is being processed, as well as access to your personal information. Further information can be found at Subject Access Requests.
- The right to rectification - You have the right to have inaccurate personal data rectified, or completed if it is incomplete.
- The right to erasure - You have the right to have all your data erased, also known as the 'right to be forgotten'.
- The right to restrict processing - You have the right to request the restriction or suppression of your personal data. This is not an absolute right and only applies in certain circumstances.
- The right to data portability - You have the right to obtain and reuse your personal data for any purpose of your own across different services.
- The right to object - You have the right to object to processing in some circumstances. The processing must stop unless there are legitimate grounds that override your rights, interests or freedoms, or the processing has been done in regard to a legal claim.
For further information please go to the Information Commissioner's Office website
The technical security measures will differ between service areas, depending on the nature of the information being processed, but the Council has an information governance structure in place to ensure privacy risks are identified and addressed.
The Council also has a suite of information governance policies in place that staff are required to adhere to. These policies cover information security, records management, and the access and use of information.
Southampton City Council has an Information Governance and Risk Framework in place. This includes policies on Information Security, Records Management, and Information Access and Use. If you require further information on the individual policies, or would like copies of these, please contact: firstname.lastname@example.org
The General Data Protection Regulation (GDPR) requires personal data to be processed in a manner that ensures its security. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
It requires that appropriate technical or organisational measures are used, and the Council’s handling of its data will satisfy this requirement.
As a local authority, in nearly all matters the legal basis for processing data will be that it is necessary to perform its statutory duties, or to ‘carry out a public task’.
In certain circumstances, consent may be required, but the Council will ensure that it is always obtained by an affirmative action, in compliance with the General Data Protection Regulation (GDPR). Where consent is relied on, the individuals will be given control and choice over the data.
If the processing is not being carried out as part of its statutory duties, Southampton City Council may still be able to process the information if it’s in their ‘legitimate interests’ to do so. Before doing so, we will be satisfied that there is a genuine and legitimate reason to rely on this, and the processing won’t adversely affect the individuals.
There may be occasions where your personal data is shared with other organisations, but the Council will only do so if it is necessary as part of providing its services.
A list of the types of organisations we may share your data with can be found on its Information Commissioner’s Office (ICO) registration, but it will depend on the service being provided.
If the Council engages another organisation to process personal data on its behalf, it will be satisfied that it has the necessary technical and organisational measures to keep the data safe before doing so.
Find out more:
Information Commissioner's Office (ICO) registration
Yes, all processing will either be governed by a contract or other legal act. The contract will be compliant with the requirements under the General Data Protection Regulation (GDPR).
The Council will ensure that any person authorised to process the personal data has committed themselves to confidentiality or is under an obligation of confidentiality.
For information on how long the Council keeps information, please see its retention schedule.
The Council does not have any official accreditation; however, we were audited by the Information Commissioner's Office (ICO) in 2016. More information about the audit can be found on their website. With regard to its information held in respect of social care, the Council’s latest IG Toolkit return can be viewed on NHS Digital’s website.
Council staff follow guidance on appropriate technical measures to use when sending different types of information securely.
The recipients of some of our e-alerts will be receiving re-engagement e-mails asking them to confirm that they still wish to receive the e-bulletins they have expressed an interest in. If you receive one of these e-mails, and you still want the e-alert sent to you, you just need to click on the ‘Yes’ button in the e-mail and you’ll continue to receive them. It’s that simple. If you don’t wish to receive them then just log in to your Stay Connected account and you can manage which e-bulletins you receive. Anyone who has received a re-engagement e-mail from us and doesn’t take any action by the 25 May will have their account deleted.