Privacy & Data Protection

Data protection aims to regulate the collection, processing, keeping, disposal and disclosure of personal data. The current legislative framework governing this area is contained in the General Data Protection Regulation (GDPR) which came into effect in every member state across the European Union on 25th May 2018 and the Data Protection Act 2018 which gives further effect to this Regulation.

This legislative framework defines personal data as any information relating to an identified or identifiable natural person. It applies to personal data held in physical and electronic format by private and public organisations. It imposes responsibilities on those who control personal data (controllers) and those who process personal data (processors). It also confers rights on individuals in relation to their own personal data (data subjects).

GDPR Principles

The following principles underpin all of Mayo County Council’s data protection processes, practices and procedures:

  • Lawfulness, Fairness and Transparency: Mayo County Council will ensure that the personal data it collects from data subjects is obtained lawfully, fairly and in a transparent manner.
  • Purpose Limitation: It will clearly communicate to data subjects the purposes for obtaining their personal data and take measures to ensure that the processing of their personal data is limited to the purposes for which it was obtained.
  • Data Minimisation: It will put in place measures to ensure that the personal data held by it is proportionate for the specified purpose that it was obtained.
  • Accuracy: It will implement measures to ensure that errors in personal data are identified, reported and corrected in as timely a manner as possible.
  • Storage Limitation: It will retain personal data for no longer than is necessary.
  • Integrity & Confidentiality. It will maintain the highest standards of technical and organisational security measures to protect personal data.
  • Accountability: It will actively monitor and govern the management of all personal data that it controls.

Data Subject Rights

Data subjects have the following rights:

  • The right to be informed;
  • The right of access;
  • Right to the rectification of inaccurate or incomplete personal data;
  • The right to erasure (also known as the ‘right to be forgotten’) of personal data;
  • The right to portability;
  • The right to object to the processing of personal data;
  • The right of restriction to the processing of personal data;
  • Rights in relation to automated decision making, including profiling.

Privacy Statements

In order to maximise transparency and give effect to the right of data subjects to be informed Mayo County Council has developed a Corporate Privacy Notice. The purpose of this corporate statement is to describe, in simple terms, the personal data that Mayo County Council collects from data subjects, why it needs the personal data, how it uses the personal data and how data subjects can interact with the County Council regarding their personal data.