Issue - meetings
New Draft Data Protection Polices
Meeting: 05/05/2026 - Customer Services Scrutiny Committee (Item 54)
54 New Draft Data Protection Polices 
PDF 434 KB
Additional documents:
- 2. BDC DP Policy 2024 Accessible, item 54
PDF 315 KB
- 3. Draft_Data_Protection_Policy, item 54
PDF 520 KB
- 4. Draft_Data_Breach_Management_Policy, item 54
PDF 243 KB
- 5. Draft Individual Rights Procedure, item 54
PDF 334 KB
- 6. Draft_Redaction_Policy, item 54
PDF 199 KB
- 7. Draft Data Protection Complaints Procedure, item 54
PDF 125 KB
Minutes:
The Information and Engagement Manager presented the report to the Committee.
The Council took the security and privacy of data seriously and was committed to being transparent in the collection and use of personal data to meet its data protection obligations.
The Data Protection Policy 2025 (the ‘Policy’) was attached at Appendix 1 and set out the Council’s commitment to data protection and individual rights in relation to personal data and sensitive personal data.
It explained how the Council would hold and process personal information and explained individuals’ rights in relation to their data.
The Policy applied to all employees, Members, contractors, apprentices, agency staff and unpaid volunteers and those on work experience. It covered all personal data collected and used on paper and electronically. It covered the Council’s corporate databases, network, video and photographs, voice recordings, CCTV, Body Worn Video and mobile devices.
The previous document was a joint policy with North East Derbyshire District Council. Since its commencement, data protection legislation had moved forward considerably (e.g. UK GDPR and Data Protection Act 2018). The Policy addressed this new legislation.
The Chief Executive, Monitoring Officer and Information and Engagement Manager would be responsible for data protection at the Council and it was important the Council complied with UK legislation. It was stated the Policy would prove robust containing many updates (including on the safety of children).
After review by Members, the Policy would be submitted to Executive for approval and implementation.
The Policy was first presented to the Committee at its December 2025 meeting. Members had felt it appropriate to cross reference the Policy with the 3 documents mentioned within.
The Committee was provided, in addition to the report, with the following:
· the previous Data Protection Policy was attached at Appendix 1;
· the new Policy, in draft form, was attached at Appendix 2;
· the Draft Data Breach Management Policy was attached at Appendix 3;
· the Draft Individual Rights Procedure was attached at Appendix 4;
· the Draft Redaction Policy was attached at Appendix 5; and
· the Draft Data Protection Complaints Procedure was attached at Appendix 6.
Members were informed of the redaction process.
Members were informed on the compensation process.
To a question on the lifespan of the Policy (in the face of Local Government Reorganisation), the Committee was informed the Policy had been crafted to the best standards available and took into account all recent legislation passed / updated since the previous document.
It was noted any substantial future changes to legislation would result in the Policy being reviewed. Members felt it appropriate the Policy be reviewed every 12 months to ensure full compliance with legislation – this would additionally be added to the recommendation to Executive.
Moved by Councillor Emma Stevenson and seconded by Councillor Amanda Davis
RESOLVED that Members review the attached Data Protection Policy and provide comments for consideration as part of the development of the Policy in advance of formal Executive approval and implementation.