Data Protection Policy

1. Data Protection Policy

2. Governance

3. Data Protection Principles

4. Data Collection & Use of Data

5. Data Subject Rights

6. Law Enforcement Requests & Disclosures

7. Data Protection Exemptions

8. Appendix A – Further Guidance on Conditions for Processing

9. Appendix B - Substantial Public Interest Conditions

10. Appendix C - Exemptions

Page Menu

Data Protection Principles

In accordance with the Data Protection Act 2018, Pembrokeshire County Council has adopted the following principles to govern its collection, use, retention, transfer, disclosure and destruction of Personal Data;

Principle 1: Lawfulness, Fairness and Transparency

Personal Data shall be processed lawfully, fairly and in a transparent manner in relation to the Data Subject. This means that Pembrokeshire County Council must tell the Data Subject what Processing will occur (transparency), the processing must match the description given to the Data Subject (fairness), and it must be for one of the purposes specified in 4.2 (lawfulness of processing).

Principle 2: Purpose Limitation

Personal Data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. This means that Pembrokeshire County Council must specify exactly what the Personal Data collected will be used for and limit the Processing of that Personal Data to only what is necessary to meet the specified purpose.

Principle 3: Data Minimisation

Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. This means that Pembrokeshire County Council must not collect or store Personal Data beyond what is strictly required.

Principle 4: Accuracy

Personal Data shall be accurate and kept up to date. This means that Pembrokeshire County Council must have in place processes for identifying and addressing out-of-date, incorrect and redundant Personal Data.

Principle 5: Storage Limitation

Personal Data shall be kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data is processed. This means that Pembrokeshire County Council must, wherever possible, store Personal Data in a way that limits or prevents identification of the Data Subject.

Principle 6: Integrity & Confidentiality

Personal Data shall be processed in a manner that ensures appropriate security of Personal Data, including protection against unauthorised or unlawful Processing, and against accidental loss, destruction or damage. Pembrokeshire County Council must use appropriate technical and organisational measures to ensure the integrity and confidentiality of Personal Data is maintained at all times.

Principle 7: Accountability

The Data Controller shall be responsible for, and be able to demonstrate compliance. This means that Pembrokeshire County Council must demonstrate that the six Data Protection Principles (outlined above) are met for all Personal Data for which it is responsible (this will include the use for Third Parties for processing purposes).

ID: 9848, revised 06/04/2023