In this section
Information sharing
To make sure that the council provides you with an efficient service, we sometimes need to share your information between council departments. This is as well as with our partner organisations that support the delivery of the service you may receive. For example -
- other councils
- NHS and their contracted providers
- Police
- Fire Service
- HMRC
- DWP
- voluntary organisations
- government departments
We also need to supply your information to people and organisations we have contracted to provide a service to you.
We will only share your information if we are satisfied that our partners or suppliers have enough technical and organisational measures in place to protect your information. We must also have contracts in place.
Before sharing information, the council will ensure that -
- Data Protection Impact Assessments are completed as necessary to assess any risks or potential negative effects of the sharing
- Privacy Notices are up to date to inform people about sharing, where necessary
- technical safeguards such as encryption and access controls are in place to keep information secure
- Information Sharing Agreements are completed. They detail the procedure and expectations of the people involved in the sharing
Details of transfers to third country and safeguards
Your personal and sensitive data will only be stored and processed on servers based within the European Economic Area (EEA). We only transfer your personal information overseas where there is a specific need or law to do so. We ensure all processing complies with the requirements of the Data Protection Act and the GDPR.
National Fraud Initiative (NFI)
We are also required to take part in the National Fraud Initiative (NFI). This is a data matching exercise organised by the government. Every council in England needs to give particular sets of data to the Minister for the Cabinet Office. Data matching exercises are carried out by the government with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. This does not require the consent of the individuals concerned under the General Data Protection Regulation.