    Julian Hobson

    Has anybody started looking at the General Data Protection Regulations yet?






    Julian Hobson





    yes we have also…..have you got any tips for us????


    Julian Hobson

    Not yet I'm afraid – I think maybe the trick is knowing exactly what and why we can ask for, keep, provide, exchange etc data. We get blurring with generic staff/teams, that's nothing new but difficult to unpick. Potentially a lot of work unless DWP take some of the strain and issue stuff to us all that covers their bit, equally DfE for FSM and transport, DfT for Blue Badge etc etc etc – Another example of where £100,000s will be spent reinventing the wheel up and down the land and time is running out


    I think that most L/A's will be setting up some form of Corp response to this.  Think we have already engaged some "Consultants" for guidance…… that should sort it!  They can all see the £££££ signs.

    I also understand that for Capita sites, work is being done to offer up some better solutions around getting rid of old data records.

    As for imaging systems…………??




    Does anyone have any further information they can offer about their own LA's stance on consent (for HB and CTS claimants) under the new GDPR coming into force from May 2018? We have a corporate team looking at this for Cornwall Council but the current thinking from a legal point of view is that our customers access the HB scheme and our CTS scheme through choice and so we should obtain fresh consent at the point the new regulations come into force. We currently have a caseload of just over 50,000 so this would be a massively resource intensive exercise for us. It also raises questions about what we would do with the claims if the customer does not provide fresh consent – suspend / cancel their claim?

    To be fair our own legal advisors understand the implications of this and are trying to interpret the new regulations themselves. Has anyone had guidance from their own legal teams on this particular issue which they are willing and able to share?

    Thanks, Mark


    Taken from the ICO's website:-

    Lawfulness of processing conditions

    6(1)(a) – Consent of the data subject

    6(1)(b) –  Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract

    6(1)(c) – Processing is necessary for compliance with a legal obligation

    6(1)(d) – Processing is necessary to protect the vital interests of a data subject or another person

    6(1)(e) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

    6(1)(f) – Necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

    Note that this condition is not available to processing carried out by public authorities in the performance of their tasks.

    Conditions for special categories of data

    9(2)(a) – Explicit consent of the data subject, unless reliance on consent is prohibited by EU or Member State law

    9(2)(b) – Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement

    9(2)(c) –  Processing is  necessary to protect the vital interests of a data subject or another individual where the data subject is physically or legally incapable of giving consent

    9(2)(d) – Processing carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes) and provided there is no disclosure to a third party without consent

    9(2)(e) – Processing relates to personal data manifestly made public by the data subject

    9(2)(f) – Processing is necessary for the establishment, exercise or defence of legal claims or where courts are acting in their judicial capacity

    9(2)(g) – Processing is necessary for reasons of substantial public interest on the basis of Union or Member State law which is proportionate to the aim pursued and which contains appropriate safeguards

    9(2)(h) – Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional

    9(2)(i) – Processing is  necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of healthcare and of medicinal products or medical devices

    9(2)(j) – Processing is necessary for archiving purposes in the public interest, or scientific and historical research purposes or statistical purposes in accordance with Article 89(1)

    I would suggest that we are covered by the lawfulness of processing conditions generally under 6(1)(c) or 6(1)(d) and there also appears to be a special category for social security processing under 9(2)(b). I don't think there is any need to panic that there will be massive changes as far as social security processing is concerned.


    I notice that the latest Version of Academy has a new data-disposal batch program. It seems to only allow retention of inactive data for 2 years. We are used to current year + 5.


    Does anyone know if the retention period has been reduced to two years for HB?


    Hi, I have been asked by our Legal team about sharing our data with DWP and what has been agreed, signed etc.  I have not heard from DWP about this.  Do we have to have a Data Sharing or Processing Agreement between us and DWP? We have stated we share data with DWP on our Privacy Notices etc.  Thanks.


    Good afternoon 

    Wondering what experiences members are having with GDPR: I am dealing with an overpayment dating back to 2012, and need to double check a customer's Income Support at the time. Customer currently receiving ESA IR

    CIS records do not go back far enough so rang DWP. The member of staff that I spoke to advised that they didn't have such information and I needed to contact the Data Protection Officer at the Centre. The Gov.UK website could offer further information.

    However the information on Gov.UK seems either relevant to the Customer themselves or with third parties such as solicitors. The Council are different in the sense that when someone submits a claim form, they give their consent to our staff to contact the DWP. I have let our manager know about this issue but interested to see how other people are getting on in this respect.



