Data Protection Officer (DPO) Service

The Data Protection Officer (DPO) Service:

  • Provides a dedicated email address and named officers for the Service.

  • Informs and advises the Council and its employees about their obligations to comply with the General Data Protection Regulations (GDPR) and other data protection laws.

  • Monitors compliance with the GDPR and other data protection laws.

  • Is the first point of contact for supervisory authorities and for individuals whose data is processed (employees, customers etc).

Councils are not required by law to appoint a DPO, but it is a very useful facility to have.

The parish council is both the Data Controller and Data Processor

The definitions are:

  • ‘controller’ - which means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

  • ‘processor’ - which means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

As a parish council you both decide how to process the data and then you process the data. The DPO role is to assist you to monitor internal compliance, inform and advise on your data protection obligations, and act as a contact point for data subjects and the Information Commissioner’s Office (ICO). 

If you would like to know more about the DPO or discuss joining the service, please contact Sophie Harding at sharding@northantscalc.gov.uk.