To ensure that the council provides you with an efficient service we will sometimes need to share your information between Council departments as well as with our partner organisations that support the delivery of the service you may receive, for example -
- other Councils
- NHS/their contracted providers
- Fire Service
- voluntary organisations
- government departments
We will also need to supply your information to people and organisations we have contracted to provide a service to you.
We will only ever share your information if we are satisfied that our partners or suppliers have enough technical and organisational measures in place to protect your information and we have contracts in place.
Before sharing information the council will ensure that -
- Data Protection Impact Assessments are completed as necessary to assess any risks or potential negative effects of the sharing
- Privacy Notices are up to date to inform people about sharing, where necessary
- Technical safeguards such as encryption and access controls are in place to keep information secure
- Information Sharing Agreements are completed, detailing the procedure and expectations of the people involved in the sharing
Details of transfers to third country and safeguards
Your personal and sensitive data will only be stored and processed on servers based within the European Economic Area (EEA). We will only transfer your personal information overseas where there is a specific requirement or law to do so. We will ensure all processing complies with the requirements of the Data Protection Act and the GDPR.
National Fraud Initiative (NFI)
We are also required to take part in the National Fraud Initiative (NFI). This is a data matching exercise organised by the government, every Council in England is required to provide particular sets of data to the Minister for the Cabinet Office. Data matching exercises are carried out by the government with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. This does not require the consent of the individuals concerned under the General Data Protection Regulation.