We gather, hold, analyse and use substantial amounts of personal data in discharging its functions and are a data controller for that personal data. It is required to comply with the General Data Protection Regulation (‘GDPR’) and the Data Protection Act 2018 (‘DPA’). This document outlines how we seek to ensure compliance with that legislation.
This document, alongside the Information Asset Register and related documentation, forms our records of processing for the purposes of Article 30 GDPR and its relevant policy document for the purposes of Schedule 1 DPA. This document will be reviewed annually to ensure that it contains an adequate and up-to-date record of the CCO’s processing activities.