Privacy & Data Protection
Data protection aims to regulate the collection, processing, keeping, disposal and disclosure of personal data. The current legislative framework governing this area is contained in the General Data Protection Regulation (GDPR) which came into effect in every member state across the European Union on 25th May 2018 and the Data Protection Act 2018 which gives further effect to this Regulation.
This legislative framework defines personal data as any information relating to an identified or identifiable natural person. It applies to personal data held in physical and electronic format by private and public organisations. It imposes responsibilities on those who control personal data (controllers) and those who process personal data (processors). It also confers rights on individuals in relation to their own personal data (data subjects).
The following principles underpin all of Mayo County Council’s data protection processes, practices and procedures:
- Lawfulness, Fairness and Transparency: Mayo County Council will ensure that the personal data it collects from data subjects is obtained lawfully, fairly and in a transparent manner.
- Purpose Limitation: It will clearly communicate to data subjects the purposes for obtaining their personal data and take measures to ensure that the processing of their personal data is limited to the purposes for which it was obtained.
- Data Minimisation: It will put in place measures to ensure that the personal data held by it is proportionate for the specified purpose that it was obtained.
- Accuracy: It will implement measures to ensure that errors in personal data are identified, reported and corrected in as timely a manner as possible.
- Storage Limitation: It will retain personal data for no longer than is necessary.
- Integrity & Confidentiality. It will maintain the highest standards of technical and organisational security measures to protect personal data.
- Accountability: It will actively monitor and govern the management of all personal data that it controls.
Data Subject Rights
Data subjects have the following rights:
- The right to be informed;
- The right of access;
- Right to the rectification of inaccurate or incomplete personal data;
- The right to erasure (also known as the ‘right to be forgotten’) of personal data;
- The right to portability;
- The right to object to the processing of personal data;
- The right of restriction to the processing of personal data;
- Rights in relation to automated decision making, including profiling.
In order to maximise transparency and give effect to the right of data subjects to be informed Mayo County Council has developed a Corporate Privacy Notice. The purpose of this corporate statement is to describe, in simple terms, the personal data that Mayo County Council collects from data subjects, why it needs the personal data, how it uses the personal data and how data subjects can interact with the County Council regarding their personal data.
Mayo County Council has implemented a range of technical and organisational security measures in order to safeguard the personal data under its control. However, on rare occasions, a breach of data security may occur for reasons such as accidental disclosure, equipment failure, loss or theft. It is the policy of Mayo County Council to ensure that in the event of a personal data breach occurring that appropriate measures exist to facilitate:
- The identification of personal data breaches and their consequences;
- The notification of personal data breaches to the Data Protection Commission and data subjects;
- Limiting and / or remedying the impact of personal data breaches;
- Implementing controls to prevent a reoccurrence of the personal data breach.
- The focus of such measures shall be on protecting the rights and interests of data subjects.
Mayo County Council has developed a Personal Data Breach Policy to facilitate it to respond appropriately in the event of a personal data breach occurring.
Further information and advice on Mayo County Council related data protection matters can be obtained from its Data Protection Officer. Contact details are as follows:
Postal Address: Data Protection Officer, The Annex, Mayo County Council, Áras an Chontae, Castlebar, Co. Mayo.
- Published: 16/06/2020 LGMA-2002-Retention-Policy-PDF.pdf (7.05 MB)
- Published: 16/06/2020 MCC-Breach-Policy-PDF.pdf (135.37 KB)
- Published: 16/06/2020 MCC-CCTV-Policy-PDF.pdf (178.78 KB)
- Published: 16/06/2020 MCC-Privacy-Statement-PDF.pdf (135.14 KB)
- Published: 16/06/2020 MCC-SAR-Policy-PDF.pdf (171.96 KB)