GDPR and Stakeholder Consultation

It can’t have escaped your notice, with stories about Facebook and data breaches at myfitnesspal, that personal data is high on the agenda at the moment.  You will also probably know that citizen control of their own personal data is being enhanced by the new GDPR regulations coming into force in May this year.

Thorncliffe | Your Shout holds many thousands of pieces of personal data in the course of its work for clients – consulting with stakeholders and the community, and identifying people who can support their planning applications.

So we thought it would be reassuring for you to know that we are very active in ensuring that we hold this personal data lawfully and responsibly, and that we dispose of it in a timely fashion when that lawful use is over.

In our work, the first thing we recognise is that this personal data, be it their name, address, phone or email address belongs to the person who gave it to us, and it is only on loan for as long as the person who has given us this information has consented to give it to us.  So, for instance, if we are collecting the information during the course of a consultation of a planning application, we are only lawfully allowed to hold it whilst that planning application is ongoing, or whilst we are still working on that application.  So we take steps to delete the data soon after.

The second thing we recognise is that we must have the explicit consent of that individual who has loaned their data to us.  So our feedback cards, sign in sheets, websites and our supporter letters have new prominent messages on them to make people know that we will only use their data for an explicit purpose, and dispose of it thereafter.  That means that they know that by giving us their personal details, they are consenting for us to process their data. And we record how we gathered this consent.

It’s vital to be transparent.  The people we consult and who deal with us will trust us as long as we prove to be trustworthy.  So telling them how they can withdraw their consent for us to use their personal data is also necessary, as well as their right to complain at any time about our handling of their data.

We’ve updated our digital infrastructure to secure all systems where we hold and process personal data.  Our client websites (and our own) are all secure (SSL compliant) where we collect data, and we have taken other steps to ensure data is secure.

And finally, its no good to do all this unless we make it best practice within our company and train our staff.  So we are holding one of our in-house Delivering Quality Service sessions for all colleagues so that they know what the changes are, how to behave and how to treat personal data properly. The question our colleagues need to answer is “do your clients need that personal data and have you secured proper consent to hold it for that purpose”.

GDPR is a good example of where Thorncliffe | Your Shout acts proactively and responsibly to ensure we are compliant, undertaking best practice, and doing the right thing for both our clients and for the individuals we consult.