Decision Maker:

Outcome: Recommendations Approved (subject to call-in)

Is Key Decision?: No

Is Callable In?: Yes

Date of Decision: January 22, 2026

Purpose: The Council’s data protection policy has been updated to reflect current best practice and legal interpretation. Some changes have also been made to depersonalise roles, removing reference to officer’s names, the policy has been made gender neutral and there has been some tidying up of language and formatting so that the policy aligns with other Council policies.

Content: Cabinet approved the Council’s new Data Protection Policy that was appended (as Annex 1) to the Cabinet report.

Reasons for the decision: The Council’s existing policy had not been updated since the General Data Protection Regulations came into effect in May 2018. The revisions in this updated policy are necessary to:   Reflect the latest legal interpretations and best practices for data protection compliance specifically noting that since October 2021 the information Governance and Equalities Manager also serves as the Data Protection Manager.   Ensure synergy with recently updated Digital and ICT policies, including the Acceptable Use, Cyber Security, and Digital Security policies.   Improve accessibility and remove gender-based language.

Alternative options considered: It was available to Cabinet to consider not accepting the revised policy or to request further amendments. This was not the recommended option and the Data Protection Officer advised that failing to implement these updates would weaken the Council’s legal compliance and hinder integrated decision-making.