• factors specific to an individual’s physical, physiological, genetic, mental,
economic, cultural or social identity. This would include anything about a
disability.
New kinds of identifying information which GDPR includes in the definition of
personal data are:
• location data - data that has any kind of geographic position attached to it,
e.g. data collected by wireless networks, swipe cards and smart mobile
devices that provide location tracking
• online identifiers, e.g. mobile device IDs, browser cookies, IP addresses
Special Categories of Data (set out in Article 9 of GDPR) are those which are more
sensitive relating to, race, ethnicity, political opinion, genetic or health related data
and sexual orientation, and so needs more protection.
If you are processing data that falls within this category, you must first identify a
lawful basis under Article 6 and a separate condition for processing special category
data under Article 9.
The broadening in the definition of personal data is important because it reflects
changes in technology and the way that organisations collect data about individuals.
Under the Data Protection Act 1998 it has been a requirement for you as a councillor
to be registered as a Data Controller with the Information Commissioners Office
(ICO) and pay a fee. (Some Councils have paid the fees for their Councillors).
This is because as a councillor
1. You make use of personal data provided by your council in the same way as
an officer of the council might make use of data. Council officers and its
suppliers will be subject to the controls of GDPR in the same way they are
under DPA 1998. You will be covered by your Councils notification and fee.
2. You use personal case work material in your own right when you collect or are
given personal data through communications with your residents.
3. You access, collect and deploy personal data through your political
campaigning and activation – with or without the use of political agents or
political parties if you represent one.
As a Data Controller you will need to comply with the new GDPR and Data
Protection Act 2018 unless as a Councillor you do not make any use whatsoever of a
computer/tablet/smart phone etc in connection with your Councillor activities of any
sort.
You should already be keeping personal data secure and only using your official
email address to respond. You will already be aware to be careful with whom you
share personal data and to keep information for no longer than you need to. This
might include other councillors in multi member wards. The new GDPR/ACT will