Issue - meetings
Data Protection Policy and Records Management Policy
Meeting: 25/03/2026 - Cabinet (Item 69)
69 Data Protection Policy and Records Management Policy 
PDF 121 KB
(A report by John Medler, Assistant Director – Governance & Monitoring Officer)
Additional documents:
- Appendix 1 - Data Protection Policy, item 69
PDF 338 KB
- Appendix 2 - Records Management Policy, item 69
PDF 194 KB
Minutes:
The Portfolio Holder for Finance and Economic Growth, Councillor Sandeep Ghosh, presented a report by the Assistant Director – Governance & Monitoring Officer, which sought approval for the revised Data Protection Policy and Records Management Policy, attached respectively as Appendix 1 and Appendix 2 within the report. The Portfolio Holder explained that the policies had been updated to ensure continued compliance with statutory requirements, including the UK GDPR, the Data Protection Act 2018, and the Data Use and Access Act 2025, and to align practice across the South & East Lincolnshire Councils Partnership.
In presenting the report, it was highlighted that the Records Management Policy provided a clear framework to ensure that the Council’s records were accurate, accessible, secure and retained in accordance with legal and regulatory requirements. The Data Protection Policy set out the responsibilities of officers, Members, contractors and partners in relation to personal data, supporting organisational resilience, lawful processing, and the safeguarding of information assets. Recommendations from Overview and Scrutiny had been incorporated into both documents.
During discussion, the Cabinet noted the importance of all Members understanding their responsibilities when handling personal data, particularly when acting in their distinct roles as ward councillors, political representatives and Members of the Council. Attention was drawn to the section within the appendices outlining the treatment of councillors’ personal data, and Members were encouraged to familiarise themselves with these distinctions.
Members further acknowledged that information governance was an evolving area, particularly in relation to artificial intelligence and emerging data?handling technologies. It was recognised that the policies would be subject to ongoing review as national guidance and regulatory expectations developed, and that the delegations proposed within the report would enable timely updates to be made.
The recommendations were moved by Councillor Sandeep Ghosh and seconded by Councillor Sarah Sharpe.
Resolved:
1. That the draft Data Protection Policy and Records Management Policy, attached at Appendices 1 and 2 within the report, be approved;
2. That amendments to the records management policy be delegated to the Assistant Director – Governance in consultation with the relevant Portfolio Holder to reflect changes in ICO guidance when issued; and
That amendments to the data protection policy be delegated to the Data Protection Officer in consultation with the relevant Portfolio Holder to reflect changes in ICO guidance when issued.