GDPR Policy
Policy Adopted March 2026
.STUBTON PARISH COUNCIL
Data Protection (GDPR) Policy
Stubton Parish Council is committed to protecting personal data and complying with the UK General Data Protection Regulation and the Data Protection Act 2018.
The Council acts as a Data Controller when processing personal data in carrying out its statutory functions and community activities.
The Seven Data Protection Principles
Stubton Parish Council will comply with the following principles:
- Lawfulness, fairness and transparency
Personal data will be processed lawfully, fairly and transparently. Individuals will be informed how their data is used through Privacy Notices. - Purpose limitation
Personal data will only be collected for specified, legitimate purposes and not used for unrelated purposes. - Data minimisation
Only data that is necessary for the Council’s work will be collected and retained. - Accuracy
Personal data will be kept accurate and up to date. Inaccurate data will be corrected or deleted promptly. - Storage limitation
Personal data will not be kept longer than necessary and will be disposed of securely in line with the Council’s retention arrangements. - Integrity and confidentiality (security)
Appropriate technical and organisational measures will be in place to protect personal data from unauthorised access, loss or damage. - Accountability
The Council will take responsibility for complying with these principles and will be able to demonstrate compliance where required.