Scribe Academy recently welcomed Alex Saunders, Partner at Leathes Prior Solicitors, specialising in corporate, commercial and data protection law. Alex has joined us previously where we delved into FOI requests and the Data Protection Act, but the my most recent session focused on 5 key legal documents your Council needs & why.

While Local Councils in the UK have various legal documents they must maintain such health and safety and employment documents, this session focused on the key documents that I recommend you have in place, to ensure you have proper legal compliance and to protect your Council as much as possible.

‍

‍

Firstly, what is UK GDPR?

The UK GDPR is the data protection legislation that came into force in May 2018. This law applies when an organisation uses personal data – any information that identifies a living individual. The term "use" is broadly defined, encompassing the initial collection, handling, processing, and transferring of the data, including storing that information or accessing it.

If your Council handles personal data, which it most likely does, you should have the following documents in place to ensure overall compliance. Let's take a look!

‍

#1 Data Protection Policy

A Data Protection policy sets out your Councils code of conduct for using personal information and is essential for any organisation that handles person data. As a Town, Parish or Community Council it is highly likely that you handle significant personal data, such as:

• Personal contact information for residents or members of the community.
• Employee records and payroll information.
• Data relating to the provision of public services.
• Information for town planning or local development.

It's therefore necessary to demonstrate that as a Council you are handling this data responsibly, and in compliance with the law.

This internal document shouldn't be confused with external-facing documents like Website Privacy Policies or Employee Privacy Notices.

Read more on Creating a Data Protection Policy.

‍

#2 Website Privacy Policy

A Website Privacy Policy is a legal document that details how a Council collects, stores, protects, and uses the personal information it gathers from its website users. Personal information can include things like names, email addresses, physical addresses, IP addresses, and any other data that can be used to identify an individual.

The policy should clearly explain what information is being collected, why it's being collected, how it will be used, and how it will be kept safe.

Unlike a Data Protection Policy, a Website Privacy Policy should be an external document and easily accessible on your website, often in the footer of the web page.

The main reason for having a Website Privacy Policy is to promote transparency. It allows individuals to understand how their data is being used, thus giving them greater control over their information. The policy also helps strike a balance between the Council's requirements and the rights of the individuals providing their data.

Read more on Creating a Website Privacy Policy.

‍

#3 Data Retention Policy

Data Retention Policies establish guidelines for how long an organisation retains different types of data, and how they are disposed of once their retention period is over.

The GDPR doesn't specify retention timescales for different types of data. Instead, it says that data can be held for as long as needed, for the reason it was initially collected. Therefore, it's essential for a Council to justify and document its retention periods in a data retention policy.

A comprehensive Data Retention Policy should include a schedule that sets out how long each category of data is retained. Examples of these categories include employee data, candidate data, resident data, supplier data etc.

A well thought out data retention policy is a cornerstone of an effective data protection strategy. It ensures compliance, enhances efficiency, and minimises potential risks, contributing to the Council's overall data governance framework.

Read more on Creating a Data Retention Policy.

‍

#4 Website Terms & Conditions

Website Terms & Conditions, often unnoticed by many, play an essential role in setting up the legal rights and creating a contract between a Council and the users of its website. Also known as Terms of Use or Terms of Service, Website T&C's are a legal agreement between the website operator and its users, setting out the rules and guidelines that users must agree to follow in order to use the website.

They also serve as a protective measure for the Council, setting the parameters of liability. If there are any glitches or if the website experiences downtime, well-crafted terms can ensure the Council is not held accountable.

Read more on Creating Website Terms & Conditions.

‍

#5 Hiring Agreement

A hiring agreement is a specific type of rental contract used when the council leases or rents out their public facilities to individuals, groups, or businesses. This document establishes a clear legal framework for the temporary use of public assets. It defines the responsibilities of both parties, sets out the terms of use, and protects the Council's interests.

If your Council rents out community spaces such as meeting rooms, halls, sports facilities etc, it's crucial to have a streamlined hiring agreement in place to ensure the proper, respectful use of public assets, and to protect the Council from potential liabilities.

Read more on Creating a Hiring Agreement.

‍

Get in Touch!For any inquiries or further information, feel free to reach out to us:

• 📞 Call Us: 01603 610911
• 📧 Email: info@leathesprior.co.uk

We're here to help and look forward to hearing from you!

‍

⏯️ Scribe Playback - Watch Now

‍

💻 View the Slides

‍