Guest speaker Alex Saunders, Partner at Leathes Prior Solicitors, recently joined us at the Scribe Academy to share the secrets to protecting your Council from legal risks and unveil the key legal documents that are absolute must-haves for every Council!
This presentation covers:
- The essentials of legal document management for Parish & Town Councils
- Protecting your Council from legal risks
- The key legal documents every Council needs
2. Key Documents
Data Protection Policy
Website Privacy Policy
Data Retention Policy
Website Terms & Conditions
Hiring Agreements
3. When does UK GDPR apply?
Name
Address
Email address
Identification number
Location data
IP address
Personal Data
Collecting
Handling
Processing
Transferring
Storing
Use
All Councils – regardless of size – will collect and use personal data
4. Data Protection Policy
Data Protection Policy is a policy document which sets out the
organisation’s code of conduct for using personal data
Internal document
Intended for Councillors, Council staff and any consultants
Focusses on all personal data (not category specific)
Should not form part of employment contract
5. Importance
UK GDPR Article 5(2) - the controller shall be responsible for,
and be able to demonstrate compliance with, data protection
principles (“accountability”)
Accountability means that Councils must show how complying with UK GDPR
Implement
policies
Ensure
compliance
Address
deficiencies
Avoid fines or
other
consequences
7. Key Terms
Data Protection Principles
• Lawfulness
• Purpose limitation
• Data minimisation
• Accuracy
• Storage limitation
• Integrity and confidentiality
• Accountability
Practical points
• Appropriate
• Easy to understand
• Possible to implement
• Practical steps
• Review
8. Website Privacy Policy
Website Privacy Policy is a notice to website users and others setting
out how, when and why the organisation uses personal data
Features
• External document
• How you collect and use data
• Why you collect and use data
• Lawful basis
• Data retention
Purpose
• Provide transparent information
• Inform data subject of their rights
• Control over information
• Strike a balance
9. Importance
UK GDPR Article 12(1): information must be provided in a
concise, transparent, intelligible and easily accessible form
(the “right to be informed”)
Take privacy seriously
Confidence and trust
Protect against liability
10. Key Terms
Council’s contact details
Plain language
Concise
Transparent
Accessible
Consider your audience
Review and update
Types of personal data collected
Where this is collected from
Purpose of collection
The lawful basis for processing
Who personal data is shared with
How long it is kept for
User rights
11. Data Retention Policy
Data Retention Policy is a document which sets out how long data is
retained and how it is disposed
Retention
Location, length of time for different
types of data, security
Disposal
When, how, supervision
Personal data
Name, address, email
Non-personal data
Anonymised documents, generalised
data
12. How long can personal data be retained?
Personal data can be retained for as long as the organisation needs it
for the reason it was first collected
No specified timescales for retention
In practice: it is for the organisation to justify why they still need the
personal data
13. Importance
Data minimisation:
adequate, relevant, and
limited to what is necessary
Storage limitation: kept for
no longer than is necessary
• Document retention periods
• Compliance with data
protection principles
• Privacy policy information
• Regulatory requirements
• Efficiency and good practice
Ensuring quality of data
14. Key Terms
Scope Data types and policy objectives
Roles Overall responsibility, employees’ roles, DPO
Personal and non-personal data – special categories
Types
Retention Duration for each category
Disposal Storage and timely disposal
Reporting Questions and reporting breaches
15. Website Terms & Conditions
Rules
Relationship
Terms of use
IP rights
Disclaimers
Governing law
Website terms and conditions set out the legal rights and obligations
between the organisation and the users of its website
16. Importance
• Acts as a binding contract
• Sets out legal rights and
obligations
• Limit your liability
• Set the governing law
17. Key Terms
IP
Acceptance
Obligations
Users must accept
Liability
Law
Your ownership and protection
What users can and cannot do
Limitation of liability
Governing law and jurisdiction
Incorporation
18. Hiring Agreement
• Meeting rooms
• Community halls
• Classes
• Events
• Potential repeat bookings
Hire details
Standard terms
Uniformity
20. Key Terms
Hire details
Standard terms
Charges and deposit
Event, date, hire period, venue
Name and address
Use of the venue and behaviour
Payment
Liability
Cancellation
General